building-java-knowledge-graph

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • External Resource Acquisition and Compilation: During the setup phase, the skill fetches language grammars from the tree-sitter community repositories on GitHub. These grammars are then compiled into a shared library (languages.so) on the host machine. This is a common pattern for high-performance code analysis tools but involves executing a compiler and running binary code generated from remote sources.
  • File System Management: The skill is designed to manage its own output directory by clearing existing files before generating new diagrams. While this ensures clean results, the skill documentation includes a specific warning for users to avoid pointing the tool at shared or sensitive project directories to prevent unintended file removal.
  • Integration with System Tools: The analysis engine integrates with local CLI utilities such as git (for grammar installation) and dot (Graphviz) for rendering SVG diagrams. The skill executes these tools using standard process execution methods with controlled arguments.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 22, 2026, 07:59 AM