mobilerun
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides users to download the Droidrun Portal APK from the vendor's official GitHub repository to establish a connection between their physical device and the service.
- [CREDENTIALS_UNSAFE]: The setup workflow instructs the agent to reveal the user's active API key (`dr_sk_...`) in the chat interface so the user can manually paste it into the mobile application. This exposure of sensitive credentials in the conversation logs represents a security risk.
- [DATA_EXFILTRATION]: By design, the skill captures and transmits potentially sensitive information, including device screenshots and full UI accessibility trees, to the vendor's API endpoints (`api.mobilerun.ai`) to allow the agent to perceive and interact with the device.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes untrusted data found on the mobile device's screen.
  - Ingestion points: Screen content is ingested through the `GET /devices/{deviceId}/ui-state` and `GET /devices/{deviceId}/screenshot` endpoints.
  - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the ingested screen data.
  - Capability inventory: The skill has extensive capabilities including simulating taps (`POST /tap`), typing text (`POST /keyboard`), swiping (`POST /swipe`), and executing autonomous multi-step tasks (`POST /tasks`).
  - Sanitization: There is no evidence of sanitization or filtering of the ingested screen UI elements before they are interpreted by the agent.