android-release-validation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): Automated scanner URLite flagged a blacklisted URL in 'proguard-rules.pro'. This suggests the skill may attempt to contact or download from a malicious domain during ProGuard/R8 processing.
- [COMMAND_EXECUTION] (LOW): The templates include scripts that execute Gradle tasks and shell commands (e.g., chmod, aapt, jarsigner) which are standard for Android build automation.
- [CREDENTIALS_UNSAFE] (INFO): The GitHub Action workflow is designed to handle sensitive Android signing credentials (keystore and passwords) via repository secrets.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata