agent-device
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard command-line utilities such as adb, sips, ffmpeg, and md5 to manage mobile devices and process visual data. It also includes instructions for the agent to create and execute local bash scripts in the /tmp/ directory to facilitate rapid interaction sequences.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes user-controlled data from mobile application UIs (labels and identifiers) to determine interaction coordinates.
  1. Ingestion points: UI element metadata retrieved via agent-device snapshot.
  2. Boundary markers: No specific delimiters or safety instructions are used to separate UI content from the agent's logic.
  3. Capability inventory: The skill has extensive control over the device, including the ability to press coordinates, type text, modify settings, access the clipboard, and execute shell commands via adb and bash.
  4. Sanitization: There are no instructions for validating or sanitizing the labels and values extracted from the application's UI tree.
- [SAFE]: The identified capabilities are consistent with the skill's primary purpose of mobile UI automation. No evidence of credential theft, remote exfiltration of sensitive data, or persistence mechanisms was found in the provided instructions.
Audit Metadata