android-expert

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to interact with and analyze external codebases, which creates a surface for indirect prompt injection.
      • Ingestion points: The skill accepts a target path in its input schema and utilizes Read, Glob, and Grep tools to ingest content from the filesystem.
      • Boundary markers: There are no explicit instructions or delimiters defined to help the agent distinguish between legitimate code and malicious instructions embedded within source files or comments.
      • Capability inventory: The skill is equipped with high-privilege tools including Bash, Write, and Edit, allowing for command execution and file modification.
      • Sanitization: The instructions do not include specific sanitization or validation steps for content retrieved from external files before it is processed or used to influence agent actions.
  • [COMMAND_EXECUTION]: The skill provides the Bash tool to the agent. While intended for Android development tasks such as running Gradle builds or linting, this tool allows for arbitrary command execution on the host system.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 05:46 AM