Skills
skills/tamtom/gplay-cli-skills/gplay-gradle-build/Gen Agent Trust Hub

gplay-gradle-build

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill contains standard shell commands for building Android projects (e.g., ./gradlew bundleRelease). These are essential to the primary purpose of the skill and follow best practices.
  • [CREDENTIALS_UNSAFE] (SAFE): The skill demonstrates secure handling of credentials by using environment variables (e.g., System.getenv("KEY_PASSWORD")) and warns against committing sensitive keystore files to version control.
  • [REMOTE_CODE_EXECUTION] (SAFE): No untrusted remote code execution patterns were found. Commands used (Gradle, gplay, bundletool) are standard development tools.
  • [FALSE POSITIVE ALERT] (SAFE): An automated scanner flagged proguard-rules.pro as a malicious URL. This is a false positive; proguard-rules.pro is a standard filename for ProGuard configuration in Android development and is not used as a URL in this context.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:21 PM