mobile-security
Fail
Audited by Snyk on Feb 25, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The content provides explicit, actionable techniques and code snippets for bypassing protections (root/jailbreak detection, certificate pinning), modifying process memory, hooking/injecting code (Frida, Zygisk, native hooks), sideloading and hiding tooling (Magisk/LSPosed), and SSL-trusting code — capabilities that directly enable cheating, traffic interception, and covert remote injection/backdoor behavior.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to fetch and use the public GitHub raw README at https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md, meaning the agent will ingest untrusted, user-curated third-party content that can influence its decisions and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly directs the agent at runtime to fetch and use the raw GitHub README at https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md, which would be retrieved and injected into responses (directly controlling prompts) and is presented as a required data dependency.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly describes techniques that require or encourage privileged access and modification of system/runtime state—e.g., /proc/pid/mem reads/writes, Frida hooks, APK/IPA patching, Magisk/Zygisk modules and root/jailbreak bypass—so it pushes actions that compromise the host machine.
Audit Metadata