app-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill utilizes subprocess.run to execute system commands (pkg, cmd package, aapt) to gather information about installed software. This is required for its primary function but grants the agent the ability to interact with the system package manager.
- PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection (Category 8). The skill processes untrusted data from the device environment (app labels and package names). 1. Ingestion points: The Python script get_app_labels.py retrieves application labels using aapt dump badging and SKILL.md reads pkg list-installed output. 2. Boundary markers: Absent. There are no delimiters or instructions to the agent to treat the collected app names as purely data and ignore embedded instructions. 3. Capability inventory: The skill workflow in SKILL.md generates pkg uninstall and cmd package archive commands, which can modify system software. 4. Sanitization: None detected. App names are processed as-is.
Audit Metadata