analyze-mobile-app
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill extensively uses
adb shellcommands to interact with Android devices. This includes simulating physical inputs (tap, swipe, keyevent, text typing) and extracting system-level information (wm size, dumpsys window). - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it parses untrusted UI data to drive its navigation logic.
- Ingestion points: UI hierarchy data is retrieved from the device via
adb shell cat /sdcard/ui.xmland processed by the agent. - Boundary markers: No boundary markers or instructions are provided to the agent to help it distinguish between mobile app content and operational commands.
- Capability inventory: The skill possesses high-privilege capabilities on the connected device via
adb shell, including the ability to enter text, click buttons, and navigate the file system. - Sanitization: There is no evidence of sanitization or filtering of the UI data before it is used to calculate coordinates for interaction or to generate reports.
- [DATA_EXFILTRATION]: While no network-based exfiltration is detected, the skill extracts sensitive UI information and screenshots from a mobile device to a local host environment, which may include user data if private applications are active during the analysis.
Audit Metadata