android-compose-accessibility
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions and runnable scenarios suggest executing local shell commands, including
./gradlewfor building and testing, and a Python scriptscripts/eval_triggers.pyfor trigger evaluation. - [EXTERNAL_DOWNLOADS]: The use of the Gradle wrapper (
gradlew) for building the project and running tests involves downloading the Gradle distribution and project dependencies from official Android and Maven repositories. - [COMMAND_EXECUTION]: The skill references a local file
scripts/eval_triggers.pywhich is not included in the provided file list, preventing a direct analysis of its contents; however, its usage appears to be limited to internal skill evaluation. - [PROMPT_INJECTION]: The skill is designed to analyze and review user-provided Android Compose code. While this presents an indirect prompt injection surface, the risk is minimal as the skill's instructions are focused on standard UI accessibility patterns.
Audit Metadata