android-ui-states-validation
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Gradle wrapper (
gradlew) to run connected Android tests and executes a local Python script (scripts/eval_triggers.py) to validate trigger logic. These are standard operations for an Android development toolset. - [EXTERNAL_DOWNLOADS]: The skill references official Google developer documentation (developer.android.com), which is a trusted and well-known source for Android technical guidelines.
- [PROMPT_INJECTION]: There is an inherent surface for indirect prompt injection because the skill is designed to process external project source code (Activities, destinations, and state holders). \n
- Ingestion points: Android source files analyzed during the UI state review workflow. \n
- Boundary markers: Not specified in the instructions. \n
- Capability inventory: Can execute shell commands via Gradle and Python. \n
- Sanitization: No documentation exists for sanitizing or validating the analyzed source code.
Audit Metadata