dogfood
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
agent-deviceCLI tool and standard Unix commands (mkdir,cp) to manage testing sessions, capture device state, and organize report artifacts. - [EXTERNAL_DOWNLOADS]: The skill configuration allows for the use of
npx agent-device, which may download the automation tool from the npm registry if it is not already available in the environment. - [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill ingests untrusted UI data from third-party mobile applications through the
snapshotcommand. This represents a standard risk for agents interacting with external interfaces. - Ingestion points: UI tree and text data are ingested via
agent-device --session {SESSION} snapshot -iinSKILL.md. - Boundary markers: No specific delimiters are used for the UI snapshot data.
- Capability inventory: The skill can execute shell commands, write files to the local system (screenshots, reports, videos), and interact with mobile devices via the
agent-devicetool. - Sanitization: The skill does not explicitly sanitize the text content retrieved from the mobile application's UI before processing.
Audit Metadata