mobile-security
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core function of processing untrusted external content.
- Ingestion points: Processes Android APK and iOS IPA files, decompiling them into source code and resources (e.g.,
extracted/,output/). - Boundary markers: There are no boundary markers or instructions telling the agent to treat strings found in the binary as data only and to ignore embedded commands.
- Capability inventory: The skill uses
BashandWritepermissions, allowing an attacker who successfully injects instructions into the decompiled code to potentially execute arbitrary shell commands or modify local files. - Sanitization: No sanitization or filtering is applied to the output of
grep,strings, or the decompiled Java code before the agent processes it. - [EXTERNAL_DOWNLOADS] (LOW): The skill suggests installing
frida-toolsandobjectionviapip. While these are legitimate security tools, installing packages at runtime is a risk factor. Per [TRUST-SCOPE-RULE], these are categorized as LOW/INFO due to being standard industry tools, but remain a vector for supply chain attacks. - [COMMAND_EXECUTION] (MEDIUM): The workflow involves running complex CLI tools like
apktoolandjadxon untrusted binary inputs. This exposes the host system to potential vulnerabilities within those tools (e.g., path traversal or heap overflows) when parsing specially crafted malicious binaries.
Recommendations
- AI detected serious security threats
Audit Metadata