mobile-design
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run a local script `scripts/mobile_audit.py` using the `Bash` tool. While the script itself is not provided in the input, the context of execution involves processing a user-provided `<project_path>`.
- [REMOTE_CODE_EXECUTION]: The skill includes a highly suspicious instruction: "don't read, just run" regarding the `mobile_audit.py` script. This is an explicit attempt to bypass the agent's internal security inspection and code analysis capabilities before performing a command execution.
- [PROMPT_INJECTION]: The markdown contains instructions that mandate specific "checkpoints" and "anti-memorization" files to be read. While primarily aimed at task performance, the rigid structure and "MANDATORY" labeling are designed to override the agent's default operational patterns.
- [INDIRECT_PROMPT_INJECTION]: The skill creates a surface for indirect injection by reading data from a user-provided project directory.
  - Ingestion points: `scripts/mobile_audit.py` processes files from a directory provided by the user.
  - Boundary markers: None are present to distinguish between the script's instructions and the content of the files it audits.
  - Capability inventory: The skill has access to `Bash`, `Read`, `Glob`, and `Grep` tools, allowing it to modify the filesystem or execute commands based on input.
  - Sanitization: There is no mention of sanitization or validation for the data ingested from the `<project_path>`.
Audit Metadata