skills/mukul975/anthropic-cybersecurity-skills/exploiting-insecure-data-storage-in-mobile/Gen Agent Trust Hub
exploiting-insecure-data-storage-in-mobile
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/agent.pyscript utilizessubprocess.check_outputto invoke the Android Debug Bridge (adb) for data extraction. This is implemented using a list of arguments rather than a shell string, effectively mitigating shell injection risks. This functionality is essential for the skill's stated purpose of mobile security testing. - [DATA_EXFILTRATION]: The skill is designed to identify and collect sensitive information (e.g., credentials, PII) from mobile device storage locations as part of a security audit. The scripts perform local analysis of data provided by the user or pulled from a connected device, with no evidence of unauthorized network transmission of host data.
- [SAFE]: Static analysis of the Python scripts and markdown documentation confirms that the behaviors match the claimed cybersecurity testing domain. The regex patterns for detecting secrets and the database interaction logic are standard for security scanning utilities.
Audit Metadata