android-ci-tests
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The generated workflow includes sudo commands to modify system udev rules (/etc/udev/rules.d/99-kvm4all.rules). While necessary for KVM acceleration in CI emulators, use of sudo is a privileged operation. This finding is downgraded from HIGH to MEDIUM as it is essential for the skill's primary purpose.
- [EXTERNAL_DOWNLOADS] (LOW): The workflow references several GitHub Actions from organizations not in the trusted list (e.g., android-actions, reactivecircus, EnricoMi, gradle, and even the actions organization itself). This is downgraded to LOW as these are standard tools in the Android CI ecosystem.
- [REMOTE_CODE_EXECUTION] (SAFE): The skill demonstrates security best practices by pinning most GitHub Actions to specific commit SHAs, which protects against supply chain attacks via tag manipulation.
Audit Metadata