phone-agent
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill's functionality of reading UI text and screenshots from a mobile device creates a surface for indirect prompt injection. Malicious text within apps or web pages could override agent instructions. Evidence: Ingestion points (UI text extraction and screenshots in SKILL.md); Boundary markers (None provided in the instructions); Capability inventory (UI interaction via SDK); Sanitization (None specified).
- [EXTERNAL_DOWNLOADS]: Users are directed to download and install an SDK from a non-trusted repository (github.com/zai-org/Open-AutoGLM). This software executes on the host machine with permissions to control a mobile device.
- [COMMAND_EXECUTION]: The skill requires adb (Android Debug Bridge) and connection to a local service, providing high-level control over the mobile device's operating system, app state, and data.