termux-api

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The content explicitly documents enabling remote command execution via SSH, along with termux-api commands that access and retrieve highly sensitive data (camera, microphone, SMS, contacts, clipboard, location, files). While legitimate for device administration, it contains multiple high-risk patterns that can be abused for data exfiltration and as a backdoor.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill allows opening and downloading arbitrary URLs and accessing user-provided files/clipboard (e.g., termux-open-url, termux-download, termux-storage-get, termux-clipboard-get), so the agent can fetch and read untrusted third-party content that could carry indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt instructs modifying device state and authentication (installing openssh, running sshd, running passwd, adding keys to ~/.ssh/authorized_keys) and issues commands that alter system settings and access sensors/communications, which can compromise the host's security and state.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 01:44 AM