compose-expert

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local shell commands (grep, find) upon session start to automatically detect if the current workspace contains a Jetpack Compose project (references/auto-init.md).
  • [COMMAND_EXECUTION]: During PR reviews, the skill instructs the agent to execute GitHub CLI (gh) and system utility commands (cat, base64) to inspect project settings and codebase conventions (references/pr-review.md).
  • [EXTERNAL_DOWNLOADS]: The agent is instructed to fetch PR diffs and repository file contents from GitHub using the gh tool when a user provides a PR URL.
  • [PROMPT_INJECTION]: The skill fetches and processes untrusted data from GitHub repositories without explicit sanitization or boundary markers, creating a surface for indirect prompt injection. A malicious PR could contain code or comments designed to influence the agent's behavior during the review phase (references/pr-review.md).
  • Ingestion points: PR diffs and repository files fetched via the gh CLI as part of the review workflow in references/pr-review.md.
  • Boundary markers: Not present; the instructions do not suggest wrapping fetched content in delimiters or prefacing it with a warning that it is untrusted.
  • Capability inventory: The agent can execute shell commands (gh, cat, grep, find) and perform multi-file code analysis.
  • Sanitization: Not present; the agent analyzes the fetched code and metadata directly.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 11:34 AM