skills/rssnext/folo/mobile-self-test/Gen Agent Trust Hub

mobile-self-test

Fail

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill hardcodes a literal password string "Password123!" within the instruction block for generating test accounts.
  • [DATA_EXFILTRATION]: The instructions reference absolute file paths specific to a local user's home directory, such as "/Users/diygod/.agents/skills/axe/SKILL.md" and "/Users/diygod/Code/Projects/follow-server". This exposes the local system's directory structure and specific configuration of the agent's environment.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute complex shell operations, including starting background server processes using "nohup", managing iOS simulators via "xcrun simctl", and controlling Android emulators via "adb".
  • [COMMAND_EXECUTION]: It performs runtime compilation of mobile applications using "xcodebuild" for iOS and "gradlew" for Android, which involves executing build scripts that could be manipulated if local source files are compromised.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 3, 2026, 08:46 AM