phone-agent

Functionally legitimate automation skill that poses moderate-to-high operational and privacy risk if misconfigured or used on non-test devices. Principal risks: sensitive data exfiltration via PHONE_AGENT_ENDPOINT (especially if remote), credential exposure in prompts and logs, and abuse via broad Android accessibility permissions. Acceptable for controlled test environments with enforced local-only or authenticated backends, ephemeral/test credentials, and strong operational safeguards. Avoid use on production/personal devices without explicit safeguards.