mobile-app-security-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references the installation of standard security research tools
frida-toolsandobjectionvia PyPI (pip). It also includes a command to runmobsfvia Docker Hub. These are well-known, legitimate tools relevant to the skill's primary purpose. - [COMMAND_EXECUTION] (SAFE): Provides standard shell commands (
cat,find,apktool,jadx) used for inspecting application source code and metadata. These operations are performed on user-provided application files as part of the security testing workflow. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill establishes an ingestion surface by analyzing external APK and IPA files.
- Ingestion points: User-supplied mobile application files (
app.apk,app.ipa). - Boundary markers: None explicitly defined in the provided snippets.
- Capability inventory: Local file inspection, decompilation, and hooking via Frida/Objection.
- Sanitization: Not applicable as the skill provides templates for manual tool execution rather than automated data processing.
- [DATA_EXPOSURE] (SAFE): Contains examples of hardcoded API keys and insecure storage patterns. These are explicitly labeled as 'Insecure Code' (不安全的代码) or 'Vulnerabilities' (常见漏洞) for educational identification and do not constitute an actual leak of sensitive information.
Audit Metadata