Skills
skills/vchirrav/owasp-secure-coding-md/mobile-security-mobsf/Gen Agent Trust Hub

mobile-security-mobsf

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (LOW): The skill ingests and parses JSON report data produced by scanning external APK/IPA files. Malicious content within a target app could potentially influence the agent's logic during result summarization. 1. Ingestion points: upload-response.json, scan-results.json, mobsf-report.json. 2. Boundary markers: Absent. 3. Capability inventory: Local command execution via curl and docker. 4. Sanitization: Absent.
  • External Downloads (LOW): The skill instructs the user to pull the opensecurity/mobile-security-framework-mobsf Docker image. While this is a well-known security tool, it represents an external dependency download.
  • Command Execution (SAFE): The skill utilizes curl for interacting with an API on localhost:8000 and standard docker run commands. These operations are restricted to the local environment and do not involve piped remote execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:36 PM