moai-domain-adb

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The scripts/utils/adb_shell.py script allows for the execution of arbitrary shell commands on a connected Android device. While this is a fundamental feature for ADB automation, it represents a high-risk capability that could be misused to perform destructive actions on the mobile device (e.g., rm -rf, pm uninstall) if the agent processes untrusted instructions.
  • Unverifiable Dependencies & Remote Code Execution (LOW): Multiple scripts (including adb_screenshot.py, adb_device_info.py, and adb_running_app.py) define extensive dependency lists in their PEP 723 headers. These include opencv-python, pytesseract, adbutils, and others. These packages are fetched from PyPI at runtime. Although these are common libraries, the large attack surface and use of unpinned versions (e.g., >=) introduce potential supply-chain risks.
  • Dynamic Execution (MEDIUM): The scripts/common/path_utils.py module uses sys.path.insert(0, adbautoplayer_path_str) to modify the Python search path at runtime based on a dynamically detected project root. This pattern of computing and injecting paths into the execution environment can be exploited if an attacker can influence the project directory structure.
  • Indirect Prompt Injection (LOW):
      • Ingestion points: adb_app_list.py (parses package names), adb_running_app.py (parses active window/activity names).
      • Boundary markers: Absent. There are no delimiters or instructions provided to the agent to treat data retrieved from the device as untrusted.
      • Capability inventory: The skill has full device control via adb shell including UI automation, file manipulation, and system settings access.
      • Sanitization: None. Data retrieved from the device (like a maliciously named app package) is passed directly to the agent's context, which could lead to subversion of the agent's logic.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:05 PM