build-test-verify
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate build, test, and linting commands specifically tailored for the Bitwarden Android repository. These commands (e.g.,
./gradlew,fastlane) are standard for Android development and align with the skill's stated purpose. - [COMMAND_EXECUTION]: While the skill contains instructions to execute shell commands via Gradle and Fastlane, these are restricted to standard project tasks (assembling APKs, running unit tests, static analysis). There is no evidence of arbitrary or dangerous command execution.
- [DATA_EXPOSURE]: The skill references the requirement of a
GITHUB_TOKENfor environment setup to access SDK packages from GitHub Packages. This is a standard authentication practice for private registries and is documented as an environment variable requirement rather than a hardcoded secret or an attempt to exfiltrate data. - [PROMPT_INJECTION]: No evidence of prompt injection, instruction overrides, or attempts to bypass agent safety guidelines was found in the skill content or metadata.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns, such as downloading and piping scripts from untrusted external sources, were detected. References to the Bitwarden SDK on GitHub are appropriate for the project's ecosystem.
Audit Metadata