The Agent Skills Directory

[SAFE]: The skill's functionality is transparent and strictly limited to its stated purpose of managing VMOS Edge Android devices through a documented API.
[PROMPT_INJECTION]: The skill incorporates explicit safety instructions, directing the agent to always confirm with the user before performing sensitive or destructive operations such as uninstalling apps, clearing data, or executing system shell commands.
[COMMAND_EXECUTION]: The skill utilizes standard system tools like curl and Python requests to facilitate API communication. It recommends using absolute paths (e.g., /usr/bin/curl) to ensure execution reliability and prevent path hijacking.
[DATA_EXFILTRATION]: There is no evidence of unauthorized data collection or exfiltration. Network activity is localized to the user-provided host IP and device ID required for the management API.
[INDIRECT_PROMPT_INJECTION]: The skill ingests data from the Android device (UI hierarchy, activity names). Although this is an attack surface, the instructions emphasize an 'Observe -> Plan -> Act -> Verify' workflow that encourages cross-checking states, which helps mitigate the risks of obeying instructions embedded in the device's UI content.

vmos-edge-control-api