Skills
skills/ingpdw/pdw-android-dev-tool/install-app/Gen Agent Trust Hub

install-app

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill utilizes ./gradlew and adb commands. ./gradlew can execute arbitrary code defined in the project build files, and adb provides significant control over connected Android devices.
  • [EXTERNAL_DOWNLOADS] (LOW): The Gradle build system is designed to download tools and libraries from external repositories. While typically from trusted sources like Google, this remains a network-based ingestion point.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect injection if the agent processes a malicious Android project. An attacker could embed instructions in build files that the agent or the build process might execute.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 08:41 AM