Skills
skills/rcosteira79/android-skills/android-source-search/Gen Agent Trust Hub

android-source-search

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed to search and retrieve Android source code from official Google and GitHub repositories.
  • [DATA_EXFILTRATION]: Performs network requests to well-known public repositories (android.googlesource.com and raw.githubusercontent.com) to fetch code; no sensitive data is transmitted.
  • [COMMAND_EXECUTION]: Uses the gh api command to list contents of the AndroidX repository, which is a standard use of the GitHub CLI for navigating public repositories.
  • [INDIRECT_PROMPT_INJECTION]: The skill retrieves external source code for processing.
  • Ingestion points: Content is fetched from Gitiles (AOSP) and GitHub (AndroidX) using WebFetch and the gh CLI.
  • Boundary markers: No explicit markers are used to delimit the fetched source code.
  • Capability inventory: The skill uses WebFetch and the gh CLI for network access.
  • Sanitization: No sanitization is performed on the downloaded code, as it is intended for direct reading of implementation details.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 05:29 AM
Security Audit — agent-trust-hub — android-source-search