analyzing-android-malware-with-apktool

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill performs legitimate static analysis of Android APK files using the 'androguard' library. It correctly identifies security risks such as dangerous permission requests and suspicious API usage patterns within target applications. No malicious logic, credential theft, or unauthorized network operations were identified within the skill's code.
  • [PROMPT_INJECTION]: The skill processes untrusted APK files to extract manifest data and strings, which constitutes an indirect prompt injection surface. The risk is minimized as the skill is restricted to static analysis and lacks the capability to execute dangerous commands or exfiltrate data.
    • Ingestion points: The skill ingests untrusted data from external APK files in scripts/agent.py.
    • Boundary markers: Boundary markers are absent in the output report.
    • Capability inventory: The skill's capabilities are limited to static analysis and printing JSON reports; it has no file-write or network-access capabilities.
    • Sanitization: The skill employs regex-based filtering for string extraction and standard JSON serialization.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 12:26 AM