claude-mobile-validation-gate

Warn

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the mcp__serena__execute_shell_command tool to run a local script located at ./scripts/validate-gate-3a.sh. Executing local scripts whose contents are not defined within the skill itself presents a risk of arbitrary command execution on the host system.
  • [DATA_EXFILTRATION]: The skill contains a hardcoded absolute file path /Users/nick/Desktop/claude-mobile-expo within the cwd parameter of a shell command. This exposes the local username and directory structure of the developer environment, which is a form of information disclosure.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via its visual verification workflow.
      • Ingestion points: The agent takes screenshots of the mobile application UI using expo-mcp and performs visual analysis on the content.
      • Boundary markers: None. The skill does not instruct the agent to ignore text or instructions rendered within the screenshots.
      • Capability inventory: The agent has the ability to execute shell commands (mcp__serena__execute_shell_command), read files (mcp__serena__read_file), and write to memory (mcp__serena__write_memory).
      • Sanitization: None. If the application under test displays attacker-controlled content (e.g., a message or a profile name), that content could contain malicious instructions that the AI might interpret as commands while performing visual verification.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 22, 2026, 01:19 AM