analysis-api-extend-ka-resolver
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local build commands using
./gradlewto update API definitions and manage test data (e.g.,./gradlew :compiler:psi:psi-api:updateKotlinAbiand./gradlew updateTestData). These are standard operations within the Kotlin project environment required for its stated purpose. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes user-provided input to identify files and generate code.
- Ingestion points: The user-supplied
<KtPsiType>argument and responses to architecture questions in Phase 2. - Boundary markers: Absent; the input is interpolated into file search patterns and code templates without explicit delimiters.
- Capability inventory: The skill has the capability to read/write repository source files and execute shell-based build scripts via Gradle.
- Sanitization: There is no explicit validation or sanitization of the input type name before it is used to perform file system searches or code generation.
Audit Metadata