jetpack-compose-m3

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches version metadata from the official Google Maven repository at dl.google.com to determine the latest library versions. This is a well-known and trusted service used for dependency management.
  • [COMMAND_EXECUTION]: Instructs the agent to use find to locate specific sample JAR files within the local Gradle cache (~/.gradle) and unzip to extract them for reference. These operations are restricted to official library paths and serve the primary purpose of providing implementation guidance.
  • [PROMPT_INJECTION]: Evaluated the surface for indirect prompt injection.
  • Ingestion points: Metadata from the remote Maven XML and extracted Kotlin source code from library sample JARs.
  • Boundary markers: Absent; the agent reads the retrieved content directly.
  • Capability inventory: Shell command execution (find, unzip) and file system read/write within the skill and Gradle cache directories.
  • Sanitization: None; however, because the ingestion is limited to official artifacts from a trusted vendor, the likelihood of malicious instruction embedding is minimal.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 07:56 PM
Security Audit — agent-trust-hub — jetpack-compose-m3