android-kotlin
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its operational requirements.
- Ingestion points: The skill reads Android project files including .kt, .gradle.kts, and AndroidManifest.xml.
- Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from potentially following malicious instructions embedded in the local source code.
- Capability inventory: The skill utilizes tools for writing files and executing bash commands (e.g., executing gradlew tasks).
- Sanitization: No content sanitization or validation mechanisms are defined for the ingested file data.
- [EXTERNAL_DOWNLOADS]: The skill references and links to various trusted official and well-known third-party resources.
- Trusted organizations: References documentation from Google (Android), JetBrains (Kotlin), and official sites for libraries like Coil, Koin, Hilt, Retrofit, and Ktor.
- [COMMAND_EXECUTION]: The skill provides patterns for executing standard Android build and test operations.
- Build tasks: Examples include using the Gradle wrapper for assembly, linting, and running tests.
Audit Metadata