android-pentest

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs actions that extract credentials and secrets (frida_dump_credentials, dump_databases/shared_prefs, memory/pcap/logcat capture) and requires those outputs to be included as evidence in findings, which forces the LLM to handle and potentially emit secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content is a dual‑use, offensive-security toolkit but contains multiple explicit, easily‑abusable patterns for credential theft and data exfiltration (Frida hooks that dump keys/credentials, keystore/crypto hooks, clipboard/logcat capture), active bypasses to disable/evade protections (SSL‑pinning bypass, root/anti‑tamper bypass, biometric bypass, CA installer that adds system CAs), and crafted payloads/intent strings (attacker/evil domains, shell injection, rm -rf style commands) — all of which enable deliberate unauthorized access/exfiltration and could be used as backdoors or to mount system compromise if misused.