android-emulator-skill

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill exposes the agent to untrusted data from the Android device, which could contain malicious instructions.
      • Ingestion points: scripts/app_state_capture.py reads UI hierarchies and system logs from the connected device.
      • Boundary markers: Absent. No specific delimiters or safety instructions are wrapped around the device data.
      • Capability inventory: Full ADB access and local Gradle build execution.
      • Sanitization: No sanitization is performed on data retrieved from the device before it is processed by the agent.
  • Command Execution (SAFE): The skill executes adb, emulator, and gradlew to perform its tasks. These calls are made using subprocess.run with structured argument lists, minimizing shell injection risks on the host machine.
  • Privilege Escalation (SAFE): The scripts/build_and_test.py script applies chmod 0o755 to the gradlew binary within the project directory. This is a standard and expected operation for Android build automation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:12 PM