analysis-api-extend-ka-resolver

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local build commands using ./gradlew to update API definitions and manage test data (e.g., ./gradlew :compiler:psi:psi-api:updateKotlinAbi and ./gradlew updateTestData). These are standard operations within the Kotlin project environment required for its stated purpose.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes user-provided input to identify files and generate code.
  • Ingestion points: The user-supplied <KtPsiType> argument and responses to architecture questions in Phase 2.
  • Boundary markers: Absent; the input is interpolated into file search patterns and code templates without explicit delimiters.
  • Capability inventory: The skill has the capability to read/write repository source files and execute shell-based build scripts via Gradle.
  • Sanitization: There is no explicit validation or sanitization of the input type name before it is used to perform file system searches or code generation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 12:25 AM
Security Audit — agent-trust-hub — analysis-api-extend-ka-resolver