open-autoglm-phone-agent
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands via subprocess.run using adb and hdc to control connected mobile devices. Specific commands include tap, swipe, keyevent, and monkey for app management.
- [DATA_EXFILTRATION]: Accesses sensitive user data by capturing screenshots of the device screen using adb exec-out screencap.
- [EXTERNAL_DOWNLOADS]: Fetches the framework code from a GitHub repository (github.com/zai-org/Open-AutoGLM) and installs third-party Python packages.
- [PROMPT_INJECTION]: Exhibits an attack surface for indirect prompt injection.
  - Ingestion points: Reads device screen content via screenshots (SKILL.md).
  - Boundary markers: Includes a confirm_sensitive flag to prompt users before high-risk actions.
  - Capability inventory: Full device control via adb and hdc subprocess calls (SKILL.md).
  - Sanitization: Relies on model-level reasoning; no explicit input sanitization of screen content is described.
Audit Metadata