android
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill provides comprehensive access to the 'adb' command suite, granting the agent the ability to execute arbitrary shell commands on a connected device, install or uninstall applications, and modify system settings.
- [DATA_EXFILTRATION] (HIGH): The skill explicitly documents how to access and retrieve highly sensitive data from the device, including SMS messages (via content://sms/inbox), contacts, and private application databases using 'run-as' or 'pull' commands.
- [PROMPT_INJECTION] (HIGH): There is a significant risk of indirect prompt injection as the skill is designed to ingest and analyze untrusted data from the device. 1. Ingestion points: 'adb logcat', 'adb shell cat', and 'adb shell dumpsys' commands. 2. Boundary markers: Absent; no instructions are provided to delimit external data or ignore embedded commands. 3. Capability inventory: 'adb shell' (execution), 'adb push/pull' (file transfer), 'adb install' (app deployment), and 'adb settings put' (system modification). 4. Sanitization: Absent; the agent is directed to process raw log and system output which could contain malicious instructions from a compromised app.
Recommendations
- AI detected serious security threats
Audit Metadata