r8-analyzer
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates as a read-only analyzer, scanning project files such as `build.gradle`, `gradle.properties`, and ProGuard configuration files to identify optimization opportunities. No mechanisms for unauthorized file modification or data exfiltration were found.
- [SAFE]: External references point to official documentation and configuration files in trusted repositories, including those maintained by Google, Square, and JetBrains.
- [SAFE]: The core instructions explicitly prohibit the agent from modifying the codebase, ensuring that all findings are presented only as suggestions to the developer.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted user-controlled data (source code and build scripts).
  - Ingestion points: Project build files (`build.gradle`, `gradle.properties`), ProGuard rules, and application source code as specified in Step 2, Step 4, and Step 6 of the core workflow.
  - Boundary markers: No explicit delimiters are used when reading external files.
  - Capability inventory: The skill is capable of generating an analysis report file (`R8_Configuration_Analysis.md`) but is restricted from executing commands or modifying existing project files by the mandatory rules.
  - Sanitization: No sanitization of ingested content is performed, though the risk is minimized by the skill's purely advisory role.
Audit Metadata