agp-9-upgrade
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill instructs the agent to inspect files within the Gradle cache directory (
~/.gradle/caches/modules-2/files-2.1/) to verify if dependencies are compatible with KSP. This is a functional requirement for the migration process and targets specific library artifacts. - [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted project data (build scripts, properties files, and dependency JARs) and possesses capabilities to modify files and execute build commands (
./gradlew). This surface is inherent to the developer-centric nature of the skill's migration tasks. - Ingestion points:
build.gradle,gradle.properties, and external dependency artifacts in the Gradle cache. - Boundary markers: Absent in the instructions.
- Capability inventory: File modification (writing to Gradle build scripts and properties) and command execution (running
./gradlew helpand./gradlew build --dry-run). - Sanitization: No explicit sanitization or validation logic is provided for the content read from the project files.
- [COMMAND_EXECUTION]: The skill uses standard
./gradlewcommands for verification purposes (sync, help, and dry-run build). These are appropriate for the intended use case. - [EXTERNAL_DOWNLOADS]: The skill references external resources from official Android developer domains (
developer.android.com) and the vendor's GitHub repository (github.com/android/gradle-recipes), which are trusted sources for this context.
Audit Metadata