android-pentest
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's setup scripts (frida_server_manager.py, build_module.sh, service.sh) download the Frida server binaries directly from the official Frida GitHub repository. It also fetches the Drozer agent APK from the WithSecureLabs GitHub repository. These sources are recognized as well-known security tools and repositories.
- [COMMAND_EXECUTION]: The workflow orchestrators (base.py, full_assessment.py, etc.) extensively use Python's subprocess module to execute adb shell commands and frida-tools. This is the primary intended behavior of the skill to interact with and instrument Android devices during an audit.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it ingests untrusted data from applications under test. * Ingestion points: data_leakage_scanner.py reads system logs (logcat), while full_assessment.py and crypto_auditor.py dump database contents and preference files. * Boundary markers: The scripts do not consistently use delimiters or 'ignore instructions' warnings when processing this data. * Capability inventory: The skill has significant capabilities including arbitrary shell command execution (adb shell) and dynamic instrumentation (Frida). * Sanitization: There is no evidence of sanitization for data extracted from target applications before it is incorporated into the internal context for report generation.
Recommendations
- HIGH: Downloads and executes remote code from: https://api.github.com/repos/frida/frida/releases/latest - DO NOT USE without thorough review
Audit Metadata