diff --git a/maven-api-impl/src/main/java/org/apache/maven/internal/impl/resolver/PluginsMetadataGenerator.java b/maven-api-impl/src/main/java/org/apache/maven/internal/impl/resolver/PluginsMetadataGenerator.java index e9a9907af6..42404cf8f3 100644 --- a/maven-api-impl/src/main/java/org/apache/maven/internal/impl/resolver/PluginsMetadataGenerator.java +++ b/maven-api-impl/src/main/java/org/apache/maven/internal/impl/resolver/PluginsMetadataGenerator.java @@ -27,6 +27,7 @@ import java.util.Iterator; import java.util.LinkedHashMap; import java.util.Map; +import java.util.Objects; import java.util.jar.JarFile; import java.util.zip.ZipEntry; @@ -132,9 +133,23 @@ private PluginInfo extractPluginInfo(Artifact artifact) { String artifactId = root.getChild("artifactId").getValue(); String goalPrefix = root.getChild("goalPrefix").getValue(); String name = root.getChild("name").getValue(); - return new PluginInfo(groupId, artifactId, goalPrefix, name); + // sanity check: plugin descriptor extracted from artifact must have same GA + if (Objects.equals(artifact.getGroupId(), groupId) + && Objects.equals(artifact.getArtifactId(), artifactId)) { + return new PluginInfo(groupId, artifactId, goalPrefix, name); + } else { + throw new InvalidArtifactPluginMetadataException( + "Artifact " + artifact.getGroupId() + ":" + + artifact.getArtifactId() + + " JAR (to be installed/deployed) contains Maven Plugin metadata for plugin " + + groupId + ":" + artifactId + "; coordinates are conflicting. " + + "Most probably your JAR contains rogue Maven Plugin metadata, " + + "possible causes may be: shaded in Maven Plugin or some rogue resource)"); + } } } + } catch (RuntimeException e) { + throw e; } catch (Exception e) { // here we can have: IO. ZIP or Plexus Conf Ex: but we should not interfere with user intent } 
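Review bot: The added `catch (RuntimeException e) { throw e; }` in extractPluginInfo rethrows every unchecked exception, not just the new InvalidArtifactPluginMetadataException, so failures that the following `catch (Exception e)` used to swallow now abort install/deploy. If `root.getChild(...)` can return null for a descriptor missing one of the four elements (not visible in this hunk), a merely malformed descriptor would surface as a NullPointerException instead of being ignored as the existing comment intends. Narrow the clause to `} catch (InvalidArtifactPluginMetadataException e) { throw e; }` so only the coordinate mismatch is fatal. The identical hunk in maven-resolver-provider's PluginsMetadataGenerator has the same issue; extractPluginInfo begins above both hunks.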
@@ -142,4 +157,10 @@ private PluginInfo extractPluginInfo(Artifact artifact) {
 }
 return null;
 }
+
+ public static final class InvalidArtifactPluginMetadataException extends IllegalArgumentException {
+ InvalidArtifactPluginMetadataException(String s) {
+ super(s);
+ }
+ }
 }
diff --git a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/PluginsMetadataGenerator.java b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/PluginsMetadataGenerator.java
index f02e1d1eb2..af3d6541c5 100644
--- a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/PluginsMetadataGenerator.java
+++ b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/PluginsMetadataGenerator.java
@@ -27,6 +27,7 @@
 import java.util.Iterator;
 import java.util.LinkedHashMap;
 import java.util.Map;
+import java.util.Objects;
 import java.util.jar.JarFile;
 import java.util.zip.ZipEntry;
 
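Review bot: InvalidArtifactPluginMetadataException, added at the end of PluginsMetadataGenerator, is declared `public` but carries no Javadoc, so nothing tells a caller when it is thrown. I would add `/** Thrown when the plugin descriptor found inside an artifact's JAR names a different groupId:artifactId than the artifact being installed or deployed. */` above the class. The commit adds a second class with the same simple name in the maven-resolver-provider package; the two types are unrelated, so a handler written against one will not catch the other, which deserves a sentence in the Javadoc of both.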
@@ -133,9 +134,23 @@ private PluginInfo extractPluginInfo(Artifact artifact) { String artifactId = root.getChild("artifactId").getValue(); String goalPrefix = root.getChild("goalPrefix").getValue(); String name = root.getChild("name").getValue(); - return new PluginInfo(groupId, artifactId, goalPrefix, name); + // sanity check: plugin descriptor extracted from artifact must have same GA + if (Objects.equals(artifact.getGroupId(), groupId) + && Objects.equals(artifact.getArtifactId(), artifactId)) { + return new PluginInfo(groupId, artifactId, goalPrefix, name); + } else { + throw new InvalidArtifactPluginMetadataException( + "Artifact " + artifact.getGroupId() + ":" + + artifact.getArtifactId() + + " JAR (to be installed/deployed) contains Maven Plugin metadata for plugin " + + groupId + ":" + artifactId + "; coordinates are conflicting. " + + "Most probably your JAR contains rogue Maven Plugin metadata, " + + "possible causes may be: shaded in Maven Plugin or some rogue resource)"); + } } } + } catch (RuntimeException e) { + throw e; } catch (Exception e) { // here we can have: IO. ZIP or Plexus Conf Ex: but we should not interfere with user intent } @@ -143,4 +158,10 @@ private PluginInfo extractPluginInfo(Artifact artifact) { } return null; } + + public static final class InvalidArtifactPluginMetadataException extends IllegalArgumentException { + InvalidArtifactPluginMetadataException(String s) { + super(s); + } + } } diff --git a/maven-resolver-provider/src/test/java/org/apache/maven/repository/internal/RepositorySystemTest.java b/maven-resolver-provider/src/test/java/org/apache/maven/repository/internal/RepositorySystemTest.java index ce33186a73..8013fb4930 100644 --- a/maven-resolver-provider/src/test/java/org/apache/maven/repository/internal/RepositorySystemTest.java +++ b/maven-resolver-provider/src/test/java/org/apache/maven/repository/internal/RepositorySystemTest.java 
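Review bot: The message built in the `else` branch ends with `some rogue resource)`, a closing parenthesis with no opening one, and `shaded in Maven Plugin` is hard to parse. Something like `+ "possible causes: a Maven Plugin shaded into the JAR, or some rogue resource");` reads cleanly and keeps the `coordinates are conflicting` fragment that testRoguePlugin asserts on. The groupId and artifactId in the text are read from the descriptor inside the JAR, so they are not trusted values; presumably they only reach the build log, but quoting them would make odd content obvious. The same string appears in the maven-api-impl copy of this hunk.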
@@ -18,26 +18,26 @@
 */
 package org.apache.maven.repository.internal;
+import java.nio.file.Files;
 import java.util.Arrays;
 import java.util.List;
+import org.eclipse.aether.DefaultRepositorySystemSession;
 import org.eclipse.aether.artifact.Artifact;
 import org.eclipse.aether.artifact.DefaultArtifact;
 import org.eclipse.aether.collection.CollectRequest;
 import org.eclipse.aether.collection.CollectResult;
 import org.eclipse.aether.graph.Dependency;
 import org.eclipse.aether.graph.DependencyNode;
+import org.eclipse.aether.installation.InstallRequest;
+import org.eclipse.aether.repository.LocalRepository;
 import org.eclipse.aether.resolution.ArtifactDescriptorRequest;
 import org.eclipse.aether.resolution.ArtifactDescriptorResult;
 import org.eclipse.aether.resolution.ArtifactRequest;
 import org.eclipse.aether.resolution.ArtifactResult;
 import org.junit.jupiter.api.Test;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertFalse;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.*;
 class RepositorySystemTest extends AbstractRepositoryTestCase {
 @Test
@@ -211,4 +211,30 @@ void testNewLocalRepositoryManager() throws Exception {
 void testNewSyncContext() throws Exception {
 // SyncContext newSyncContext( RepositorySystemSession session, boolean shared );
 }
+
+ @Test
+ void testRoguePlugin() throws Exception {
+ Artifact artifact = new DefaultArtifact("ut.simple:rogue-plugin:1.0");
+
+ ArtifactRequest artifactRequest = new ArtifactRequest();
+ artifactRequest.setArtifact(artifact);
+ artifactRequest.addRepository(newTestRepository());
+
+ ArtifactResult artifactResult = system.resolveArtifact(session, artifactRequest);
+ checkArtifactResult(artifactResult, "rogue-plugin-1.0.jar");
+
+ InstallRequest installRequest = new InstallRequest();
+ installRequest.addArtifact(artifactResult.getArtifact());
+
+ DefaultRepositorySystemSession loc = new DefaultRepositorySystemSession(session);
+ loc.setLocalRepositoryManager(
+ system.newLocalRepositoryManager(session, new LocalRepository(Files.createTempDirectory("local"))));
+ try {
+ system.install(loc, installRequest);
+ fail("install should fail");
+ } catch (Exception e) {
+ assertInstanceOf(PluginsMetadataGenerator.InvalidArtifactPluginMetadataException.class, e);
+ assertTrue(e.getMessage().contains("coordinates are conflicting"));
+ }
+ }
 }
diff --git a/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.jar b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.jar
new file mode 100644
index 0000000000..8163c13626
Binary files /dev/null and b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.jar differ
diff --git a/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.pom b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.pom
new file mode 100644
index 0000000000..84d007fc5f
--- /dev/null
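Review bot: The try / `fail("install should fail")` / `catch (Exception e)` block at the end of testRoguePlugin is the pattern `assertThrows` replaces, and it would state the expected type up front instead of checking it after the fact. I would write `Exception e = assertThrows(PluginsMetadataGenerator.InvalidArtifactPluginMetadataException.class, () -> system.install(loc, installRequest));` and keep the existing `assertTrue(e.getMessage().contains("coordinates are conflicting"));` after it. The directory from `Files.createTempDirectory("local")` is never deleted; a JUnit `@TempDir Path` parameter would have the framework clean it up after the test.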
+++ b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.pom @@ -0,0 +1,31 @@ + + + + + + 4.0.0 + + ut.simple + rogue-plugin + 1.0 + + Simple Unit Test Rogue Plugin + diff --git a/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/maven-metadata.xml b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/maven-metadata.xml new file mode 100644 index 0000000000..8618d47389 --- /dev/null +++ b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/maven-metadata.xml @@ -0,0 +1,34 @@ + + + + + + ut.simple + rogue-plugin + + 1.0 + 1.0 + + 1.0 + + 20111123122038 + + \ No newline at end of file