jetpack-compose-audit
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the Gradle wrapper (
./gradlew) from the target repository provided by the user. This is done to run a build task (e.g.,compileReleaseKotlin) combined with a bundled init script to extract Compose compiler metrics. While executing scripts from an arbitrary target repository is a privileged operation, it is a primary and necessary function of this specialized audit tool. - [PROMPT_INJECTION]: As an audit tool, the skill is subject to indirect prompt injection risks. It ingests and processes untrusted data (source code, build configurations, and compiler reports) from the target repository to generate its findings.
- Ingestion points: All Kotlin source files (
.kt), Gradle scripts (.gradle,.gradle.kts), and TOML configuration files in the target repository path. - Boundary markers: The skill does not employ explicit boundary markers or delimiters when reading external code files via
GreporReadtools. - Capability inventory: The skill has access to
Bash(shell execution),Write(file creation), andAgent(subagent spawning) capabilities. - Sanitization: There is no automated sanitization of ingested code content. However, the skill mitigates manipulation risks by requiring that every audit finding be cited against a specific list of official
developer.android.comURLs, preventing the agent from relying solely on instructions embedded within the analyzed data. - [COMMAND_EXECUTION]: The skill utilizes ripgrep (
rg) extensively to scan the target codebase for architectural patterns and performance smells. These commands are scoped to the user-provided directory and used for read-only analysis.
Audit Metadata