migrate-xml-views-to-jetpack-compose
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to add dependencies from official Google and JetBrains repositories (e.g., androidx.compose and Kotlin plugins) to the project's Gradle configuration files. These are well-known and trusted sources for Android development assets.
- [COMMAND_EXECUTION]: The migration workflow requires executing shell commands for Gradle operations (like sync) and running Android instrumentation tests using frameworks such as Espresso or UI Automator to ensure UI parity and functional integrity.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and analyze untrusted data (XML layout files from a user's project) while having permissions to modify files and execute commands. * Ingestion points: Project XML layout files analyzed in Steps 1 and 2. * Boundary markers: Not specified; the instructions do not explicitly mandate delimiters or instructions to ignore embedded content in XML files. * Capability inventory: Writing to build files, creating Kotlin source files, deleting XML files, and executing shell commands for builds and testing. * Sanitization: No explicit validation or sanitization of the content extracted from XML files is described.
Audit Metadata