jspecify-skill
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configures project build files (pom.xml, build.gradle) to fetch dependencies from standard public registries. These dependencies include 'org.jspecify:jspecify', 'com.google.errorprone:error_prone_core', and 'com.uber.nullaway:nullaway', which are well-known tools from reputable sources.
- [COMMAND_EXECUTION]: Instructions guide the user to run a provided Python script 'scripts/verify_nullmarked.py' to validate the presence of nullability annotations across the project source tree. The script performs local file system reads and uses regular expressions to verify content.
- [SAFE]: The skill implements standard development practices for Java projects. No evidence of prompt injection, data exfiltration, or obfuscation was found in the instructions or the accompanying script.
Audit Metadata