jspecify-skill
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill configuration or the included verification script.
- [EXTERNAL_DOWNLOADS]: The skill provides configuration for Maven and Gradle to download standard and reputable Java dependencies, including
org.jspecify, Google'serror_prone_core, and Uber'snullaway. These are well-known and trusted tools within the Java development ecosystem. - [COMMAND_EXECUTION]: The skill includes a local Python script,
scripts/verify_nullmarked.py, to verify that Java packages are correctly annotated. Analysis of the script confirms it only performs read-only file system operations on the local source directory and does not execute external commands or perform network operations.
Audit Metadata