android-reverse-engineering
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data in the form of Android binaries, creating an attack surface for indirect prompt injection. \n
- Ingestion points: APK, XAPK, JAR, and AAR files are processed and decompiled (SKILL.md). \n
- Boundary markers: The workflow lacks clear delimiters or instructions to prevent the agent from obeying malicious commands embedded in the decompiled source code or metadata. \n
- Capability inventory: The agent uses decompilers (jadx, vineflower) to extract logic and document API endpoints (SKILL.md). \n
- Sanitization: There is no evidence of sanitization or filtering applied to the extracted code strings before they are processed by the agent. \n- [COMMAND_EXECUTION]: The skill relies on external command-line tools to perform its core tasks. \n
- Evidence: The workflow involves executing
jadx,Vineflower,Fernflower, anddex2jarto decompile and analyze artifacts (SKILL.md).
Audit Metadata