mobile-use-setup
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Flags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- Remote Code Execution (HIGH): The skill repeatedly recommends installing the 'uv' package manager with 'curl -LsSf https://astral.sh/uv/install.sh | sh'. This pipes a script fetched over the network (with '-L' following any redirect) straight into a shell: nothing is saved to disk for review, no checksum or signature is checked, and whatever the server returns at that moment runs with the user's shell permissions and everything that shell can reach (PATH, dotfiles, credentials).
- Command Execution (HIGH): The setup process involves commands requiring administrative privileges, such as 'sudo apt install' and 'sudo xcode-select --install'. These change system-wide state; if the agent runs them without an explicit confirmation step, a wrong or injected package name becomes a root-level modification.
- External Downloads (MEDIUM): The 'create-project.sh' script downloads an LLM configuration template from a GitHub repository ('minitap-ai/mobile-use') that is not on the audit's allowlist. Unless the fetch is pinned to a specific commit and the downloaded bytes are checksummed, the template can change between audit and install with no signal to the user.
- Credentials Management (LOW): The skill guides users to store API keys in '.env' files. While it suggests adding the file to '.gitignore', having the agent write and read secrets automatically increases the risk of accidental exposure: a missing ignore entry, a world-readable file mode, or the key echoed into a transcript or log.
- Dynamic Execution (LOW): The skill generates Python scripts ('main.py') and configuration files ('llm-config.override.jsonc') at runtime based on user configuration, so the code that ultimately runs is not fixed at review time.
- Indirect Prompt Injection (LOW): The skill ingests user input via the 'AskUserQuestion' tool to determine setup logic. It applies no explicit boundary markers or sanitization before using these inputs to drive script generation and command execution, so a crafted answer could alter the generated 'main.py' or the commands the agent runs. Evidence: ingestion points, SKILL.md (Phase 1 questions); boundary markers, absent; capability inventory, scripts/create-project.sh (cat, curl, uv) and SKILL.md (npm, brew, shell); sanitization, absent.
Recommendations
- HIGH: Downloads and executes remote code from https://astral.sh/uv/install.sh. DO NOT USE without thorough review of the script and of every command the skill runs with elevated privileges.
- AI detected serious security threats
Audit Metadata