performing-android-app-static-analysis-with-mobsf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly uploads and ingests arbitrary third-party APK/AAB files and their MobSF JSON reports (see SKILL.md "Step 2: Upload APK for Static Analysis" and the runtime code in scripts/agent.py and scripts/process.py which call /api/v1/upload and /api/v1/report_json), parses those untrusted, user-provided report fields, and uses them to make automated decisions (CI gate exit codes and security thresholds), so untrusted content can materially influence agent behavior.