android-lib-lookup
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The scripts/lookup_class.py script calls the javap command to extract class signatures. The call is performed using subprocess.run with a list of arguments, which is a secure method that prevents shell injection. No other external commands are executed.
- [DATA_EXFILTRATION]: The tool accesses local directories such as ~/.gradle/caches and the project path to build its index. Analysis confirms there are no network-based operations or other mechanisms to exfiltrate this data externally.
- [PROMPT_INJECTION]: The skill processes untrusted content from local libraries and Gradle build files. Although this creates an attack surface for indirect prompt injection, the skill lacks the capabilities (such as network access or administrative file writing) required to perform harmful actions based on potentially injected instructions.
- Ingestion points: Maven coordinate strings in build files and class names/contents from JAR/AAR library files in scripts/lookup_class.py.
- Boundary markers: None identified in the script or prompt instructions.
- Capability inventory: Local file reading and javap command execution via subprocess.
- Sanitization: The use of list-based arguments in subprocess.run provides built-in protection against shell injection.
Audit Metadata