android-build
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill downloads the 'repo' tool from 'storage.googleapis.com'. Since Google is a trusted organization, the risk of this download and execution pattern is downgraded to LOW.
- Command Execution (LOW): The skill utilizes standard build commands such as 'gradlew', 'mka', and 'make' which are necessary for its stated purpose.
- Indirect Prompt Injection (HIGH): This skill exposes a significant vulnerability surface by processing external repository data and manifests. • Ingestion points: External code and manifests are ingested via 'repo init' and 'repo sync' commands. • Boundary markers: There are no markers or instructions to prevent the agent from executing instructions embedded within the synced source code. • Capability inventory: The skill has the capability to execute arbitrary code via 'make', 'mka', and the sourcing of 'envsetup.sh' within the synced environment. • Sanitization: There is no validation or sanitization of the external content before it is processed by the build system.
Recommendations
- AI detected serious security threats
Audit Metadata