The Agent Skills Directory

[Unverifiable Dependencies] (HIGH): The scripts start-debug.py and start-debug.sh attempt to execute a binary file named arkweb-app-debug (or arkweb-app-debug.exe on Windows) located within the skill's own scripts/ directory. This binary is not provided in the skill source, making its behavior opaque and unverifiable.
[Indirect Prompt Injection] (HIGH): The skill possesses a high-privilege attack surface. It ingests data from external HarmonyOS project files (e.g., AppScope/app.json5) to extract package names and subsequently uses this data to construct and execute system commands via hdc and the opaque binary. There are no visible sanitization or boundary markers to prevent malicious project files from influencing command execution.
Ingestion points: Project configuration files like AppScope/app.json5.
Boundary markers: Absent.
Capability inventory: Bash tool usage, subprocess.Popen calls, hdc (HarmonyOS Device Connector) operations, and execution of local binaries.
Sanitization: No evidence of input validation or escaping for project-derived data.
[Command Execution] (MEDIUM): The skill dynamically modifies the system PATH based on output from an external skill (ohos-app-build-debug). If that dependency is compromised, it could lead to path hijacking or the execution of malicious tools instead of the intended HarmonyOS utilities.
[Remote Code Execution] (MEDIUM): The troubleshooting.md file encourages users to run pip install -e ., suggesting the potential for installing unverified Python packages or executing setup scripts that are not present in the audited file set.

arkweb-app-debug