android-emulator-skill
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Multiple scripts (app_launcher.py, common.py, log_monitor.py, navigator.py, screen_mapper.py, emulator_manage.py) use subprocess.run and subprocess.Popen to execute system-level commands through the Android Debug Bridge (ADB) and the Android Emulator binary. These are used for legitimate automation tasks such as installing APKs, launching activities, and capturing screen hierarchies.
- [EXTERNAL_DOWNLOADS]: The build_and_test.py script executes the Gradle wrapper (gradlew). As a well-known build tool in the Android ecosystem, Gradle is designed to automatically download the necessary build environment and project dependencies from remote repositories (such as Maven Central or Google's Maven repository) upon execution.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the processing of untrusted data from the Android device.
  - Ingestion points: scripts/screen_mapper.py dumps the full UI hierarchy of the current Android screen using uiautomator, which includes text from third-party applications.
  - Boundary markers: None identified. The skill does not implement delimiters or specific instructions for the agent to disregard potential commands found within the captured UI text.
  - Capability inventory: The skill set provides high-impact capabilities, including the ability to execute shell commands via ADB, install software, and simulate hardware button presses or gestures.
  - Sanitization: The screen mapper retrieves raw text and content descriptions from the UI without filtering or sanitizing the content for embedded natural language instructions.
Audit Metadata