ecosystem-mobile

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The file scripts/install_all.py utilizes the subprocess.run method to execute system commands (skills install [skill_name]). This allows the skill to perform administrative-level changes to the agent's toolkit.
  • [EXTERNAL_DOWNLOADS]: The installation routine triggered by the skill fetches ten external packages (such as mobile-security-auditor and release-orchestrator), introducing numerous unverified third-party dependencies into the workspace.
  • [PROMPT_INJECTION]: The SKILL.md file contains directive 'Execution Rules' and instructions that attempt to override the agent's default planning behavior, commanding it to 'actively guide' users toward installation and strictly forbidding it from attempting tasks autonomously.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 06:26 PM