exploiting-insecure-data-storage-in-mobile

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py utilizes the subprocess module to execute system commands.
  • Evidence: It calls adb pull to retrieve application data from a connected Android device for analysis. This is a primary function of the skill and is performed using a list-based argument structure which mitigates shell injection risks.
  • [DATA_EXFILTRATION]: The skill scans for sensitive data (credentials, tokens, PII) within mobile application storage directories.
  • Evidence: Analysis of scripts/agent.py and scripts/process.py shows that all data processing is performed locally on the auditor's machine. There are no network-based exfiltration patterns or requests to external domains found in the code.
  • [REMOTE_CODE_EXECUTION]: The skill mentions external tools like Objection, Frida, and Android Backup Extractor as prerequisites.
  • Evidence: The skill does not include any automated download or installation scripts (such as curl | bash) for these dependencies, requiring the user to provide them manually.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 09:38 PM