gradle-kotlin-dsl-doctor

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various Gradle wrapper commands (e.g., ./gradlew build, ./gradlew dependencies, ./gradlew dependencyInsight) to diagnose build issues and verify fixes. This is a necessary and standard capability for a build-management tool.
  • [EXTERNAL_DOWNLOADS]: The skill relies on the Gradle ecosystem, which facilitates the downloading of plugins and dependencies from public and private repositories (e.g., Maven Central, Gradle Plugin Portal) during the build and diagnostic process.
  • [PROMPT_INJECTION]: The skill processes untrusted data from repository files and command outputs, representing a potential surface for indirect prompt injection.
      • Ingestion points: The skill reads build.gradle.kts, settings.gradle.kts, gradle.properties, gradle/libs.versions.toml, gradle-wrapper.properties, and the output of failing Gradle tasks.
      • Boundary markers: None. The instructions do not define delimiters or warnings to ignore malicious instructions that might be embedded in the files or build logs being analyzed.
      • Capability inventory: The skill can execute shell commands through the Gradle wrapper (./gradlew).
      • Sanitization: None. Content from the analyzed files is processed directly by the agent without specific sanitization or escaping mechanisms.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 24, 2026, 07:31 PM
Security Audit — agent-trust-hub — gradle-kotlin-dsl-doctor