Skills
skills/pluginagentmarketplace/custom-plugin-kotlin/kotlin-compose/Gen Agent Trust Hub

kotlin-compose

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Full Analysis
  • [DATA_EXPOSURE] (SAFE): The skill does not access sensitive file paths (e.g., credentials, SSH keys) and performs no network operations.
  • [REMOTE_CODE_EXECUTION] (SAFE): There are no patterns involving remote script downloads or the execution of untrusted external code.
  • [PROMPT_INJECTION] (SAFE): The instructions are strictly limited to technical documentation and configuration. No bypass or override commands were found.
  • [DYNAMIC_EXECUTION] (SAFE): The validation script (scripts/validate.py) uses yaml.safe_load() to parse local configuration files, which prevents unsafe deserialization attacks. No eval(), exec(), or dynamic module loading is present.
  • [INDIRECT_PROMPT_INJECTION] (LOW): While the skill processes a local config.yaml file, it does so for validation purposes only. It lacks the network or file-write capabilities required to weaponize any data ingested from the configuration file.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 01:18 AM