android
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill documents numerous commands for performing high-risk operations on a connected device via the adb CLI. Evidence includes commands for modifying system settings (adb shell settings put), granting or revoking application permissions (adb shell pm grant/revoke), and performing system reboots into sensitive modes (adb reboot bootloader/recovery). While these are standard debugging tasks, they provide significant control over hardware. The severity is reduced from HIGH to MEDIUM as these operations are the primary purpose of the skill.
- DATA_EXFILTRATION (MEDIUM): The skill provides specific patterns for accessing sensitive user information from the device. Evidence includes URI queries for contact lists (content://contacts/people) and SMS inboxes (content://sms/inbox), as well as methods to access private application data using run-as. While no external network exfiltration script is provided, the commands enable the agent to expose this data. The severity is reduced from HIGH to MEDIUM due to the skill's context as a device mastery tool.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) as it encourages the agent to ingest and process untrusted data from the device.
  - Ingestion points: Commands like adb logcat, adb shell cat /data/anr/traces.txt, and adb pull in SKILL.md and references/deep-dive.md facilitate the entry of device-generated data into the agent's context.
  - Boundary markers: Absent. The skill does not provide instructions to use delimiters or ignore embedded commands when processing device output.
  - Capability inventory: The skill provides a comprehensive suite of powerful tools including shell access, file system manipulation, and package installation.
  - Sanitization: None. The skill focuses on raw data retrieval without suggesting validation or escaping of the output.
Audit Metadata