Skills
skills/emrahyurttutan/skills/emrah-skills/Gen Agent Trust Hub

emrah-skills

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill includes instructions to download an installation script for Maestro, a well-known mobile UI testing framework, from its official domain (mobile.dev).
  • Evidence found in SKILL.md and GitHub Actions workflow files (maestro-android.yml, maestro-ios.yml).
  • Targets: https://get.maestro.mobile.dev.
  • [REMOTE_CODE_EXECUTION]: The skill provides commands to execute the downloaded Maestro installation script using bash to set up the testing environment.
  • Evidence in SKILL.md: bash install-maestro.sh.
  • This is a standard installation procedure for this developer tool and is documented within a specific testing setup context.
  • [SAFE]: The skill uses placeholders and environment variables for sensitive configuration data, such as AdMob app IDs and OIDC client secrets.
  • Example: ca-app-pub-xxxxxxxxxxxxxxxx~yyyyyyyyyy in app.json configuration.
  • Example: Use of SecureStore for OIDC token persistence in the provided authentication implementation.
Recommendations
  • HIGH: Downloads and executes remote code from: https://get.maestro.mobile.dev - DO NOT USE without thorough review
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 4, 2026, 12:41 PM