lineageos
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill downloads the 'repo' tool from 'storage.googleapis.com'. This is the official Google-hosted source for the standard Android development tool and is considered a trusted source under the analysis guidelines.\n- [COMMAND_EXECUTION] (SAFE): Standard shell commands for Android build environments ('repo sync', 'breakfast', 'brunch', 'mka') are used correctly for their intended purpose. These do not constitute arbitrary or malicious command execution.\n- [DATA_EXFILTRATION] (SAFE): The skill uses official LineageOS Gerrit ('review.lineageos.org') for legitimate code contributions. No sensitive local data, such as SSH private keys or cloud credentials, is accessed or exfiltrated.\n- [FALSE_POSITIVE_ALERT] (SAFE): The automated scanner flagged 'audio.primary.platform.so' as a malicious URL. Analysis confirms this is a false positive; the string is a local filesystem path for an Android shared object library, not a remote URL. The scanner's heuristic likely misinterpreted the '.so' extension as a TLD.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata