adb
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute Android Debug Bridge (ADB) commands. The 'allowed-tools' section uses broad wildcards (e.g., 'adb shell ls*'), which permits the agent to append arbitrary arguments to these commands. This creates a potential for abuse if the agent is manipulated into executing unintended command flags or sub-commands.- [DATA_EXFILTRATION]: Several tools enable the retrieval of sensitive information from connected Android devices. Specifically, 'adb pull' allows file extraction, 'adb shell cat' reads file contents, and 'adb bugreport' generates comprehensive system diagnostic reports. While this is the primary purpose of the skill, it represents a significant exposure of device data, including logs, account info, and private files.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from an external source (the Android device).
- Ingestion points: Untrusted data enters the agent's context through 'adb logcat' (system logs), 'adb shell cat' (file content), and 'adb shell ls' (file names).
- Boundary markers: There are no markers or instructions to treat data from the device as untrusted or to ignore embedded instructions.
- Capability inventory: The agent has access to a wide range of Bash/ADB commands and file retrieval capabilities.
- Sanitization: No sanitization or validation is performed on the output returned from the ADB commands before it is processed by the AI.
Audit Metadata