hz-new-project-creation
Warn
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The Android project configuration in 'references/android-project.md' points to a non-standard Maven repository hosted under a personal GitHub account (nickalcala) rather than a verified organization for the Meta Spatial SDK.
- [EXTERNAL_DOWNLOADS]: The web project instructions in 'references/web-project.md' direct users to install a global NPM package from a personal account ('@nickalcala/nickalcala') to handle APK packaging. Using third-party forks for core development tools introduces supply chain risk.
Audit Metadata