adb
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of shell commands to interface with the Android Debug Bridge (
adb). This includes managing local temporary directories (mkdir), deleting files (rm), and executing various device-level operations such as taking screenshots and querying device connectivity. - [DATA_EXFILTRATION]: The skill captures potentially sensitive data from the target device by taking screenshots of the active display and reading system logs through
adb logcat. These logs and visual captures may contain personally identifiable information (PII), authentication tokens, or private communications that are then processed by the agent. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its core logic is driven by data ingested from an external, untrusted source (the Android device).
- Ingestion points: The agent reads
.tmp/screen.png(screenshots) and.tmp/ui.xml(UI tree dumps) from the device using its internal reading tools. - Boundary markers: No delimiters or instructions are used to separate the content found on the device's screen from the agent's internal mission instructions.
- Capability inventory: The skill possesses powerful control over the device, including the ability to simulate any user input (
adb shell input), launch arbitrary URLs or activities (adb shell am start), and grant or deny system permissions. - Sanitization: No sanitization or safety checks are performed on the content read from the device before it is used to determine the next step in the automation loop.
Audit Metadata