dogfood
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes
npx agent-device:*to download and execute the testing utility from the npm registry. - [COMMAND_EXECUTION]: Executes shell commands for environment setup (
mkdir,cp) and various CLI operations viaagent-deviceto interact with mobile apps, including launching apps, taking snapshots, and recording videos. - [CREDENTIALS_UNSAFE]: The authentication workflow passes user-provided
{EMAIL}and{PASSWORD}as plaintext arguments to theagent-device fillcommand, which can expose secrets in process lists or shell history logs. - [DATA_EXFILTRATION]: Reads mobile application logs via
agent-device logs pathto assist in bug diagnosis. All captured data is stored in the local output directory specified by the user.
Audit Metadata