testing-mobile-applications
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions designed to bypass safety filters, ignore system instructions, or extract internal prompts were identified.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive host environment files. It lists the default iOS SSH password ('alpine'), but this is provided as part of standard documentation for testing jailbroken devices.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): While the skill mentions various third-party security tools (e.g., APKTool, Frida, Objection), it does not include commands to automatically download or execute scripts from unverified remote sources.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze external, untrusted data (APK and IPA files). While this presents a potential attack surface, the instructions are focused on manual analysis by a security professional and do not include automated triggers for untrusted input.
- [Obfuscation] (SAFE): All instructions and code blocks (Bash and JavaScript) are clear and human-readable with no signs of encoding or hidden characters.
- [Command Execution] (SAFE): The command sequences provided are standard for mobile pentesting workflows and are intended for use in controlled security assessment environments.
Audit Metadata