maestro-e2e-testing
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation section in SKILL.md directs users to execute curl -fsSL "https://get.maestro.mobile.dev" | bash. This specific URL has been flagged by automated security scanners as being associated with malicious activity (Botnet), and piping remote content directly to a shell is a high-risk pattern.
- [COMMAND_EXECUTION]: The skill uses the Maestro framework, which supports the runScript and evalScript commands. These allow the execution of arbitrary JavaScript code within the mobile automation context, providing a significant capability for local code execution, as documented in commands.md.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of external binaries and scripts from mobile.dev without providing mechanisms for integrity verification, such as checksums or signatures.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Ingestion points: test flow files (.maestro/*.yaml) and external scripts (scripts/*.js) are processed to drive agent actions. Boundary markers: no markers or instructions are provided to the agent to ignore potentially malicious commands embedded in these files. Capability inventory: the skill can execute scripts (runScript), evaluate expressions (evalScript), and open deep links or URLs (openLink). Sanitization: there is no evidence of sanitization or validation of the test flow data before it is interpreted and executed.
Recommendations
- HIGH: Downloads and executes remote code from: https://get.maestro.mobile.dev - DO NOT USE without thorough review
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata