lineageos
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the user to download the 'repo' tool from storage.googleapis.com and a commit-msg hook from review.lineageos.org. While these are download-and-execute patterns, the sources are trusted or official project domains, which downgrades the risk to LOW.
- [COMMAND_EXECUTION] (SAFE): The skill uses standard build environment commands such as 'breakfast', 'brunch', and 'mka' which are essential and expected for Android ROM development.
- [DATA_EXFILTRATION] (SAFE): An automated scanner flagged 'audio.primary.platform.so' as a malicious URL. This is a false positive; the string refers to a local Android Hardware Abstraction Layer (HAL) file path (vendor/lib64/hw/audio.primary.platform.so) inside a configuration file, not a remote network address.
- [PROMPT_INJECTION] (LOW): The 'repopick' utility fetches patches from an external Gerrit server. This represents an indirect prompt injection surface where external code enters the build environment, which is a standard feature of the developer workflow.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata