jetpack-compose-m3
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches version metadata from the official Google Maven repository at
dl.google.comto determine the latest library versions. This is a well-known and trusted service used for dependency management. - [COMMAND_EXECUTION]: Instructs the agent to use
findto locate specific sample JAR files within the local Gradle cache (~/.gradle) andunzipto extract them for reference. These operations are restricted to official library paths and serve the primary purpose of providing implementation guidance. - [PROMPT_INJECTION]: Evaluated the surface for indirect prompt injection.
- Ingestion points: Metadata from the remote Maven XML and extracted Kotlin source code from library sample JARs.
- Boundary markers: Absent; the agent reads the retrieved content directly.
- Capability inventory: Shell command execution (find, unzip) and file system read/write within the skill and Gradle cache directories.
- Sanitization: None; however, because the ingestion is limited to official artifacts from a trusted vendor, the likelihood of malicious instruction embedding is minimal.
Audit Metadata