android-device-automation
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npx @midscene/android@1to download and execute the Midscene Android automation package from the npm registry. This is the standard method for running the Midscene CLI. - [COMMAND_EXECUTION]: The skill provides tools to execute
adb shellcommands on connected Android devices via therunadbshellcommand. This level of access is necessary for low-level device control such as inspecting battery status or launching specific activities. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted visual data from external applications and websites.
- Ingestion points: Screen content is captured via
take_screenshotand processed by the AI to determine actions. - Boundary markers: None identified in the instructions for isolating screen content from agent instructions.
- Capability inventory: The agent can execute arbitrary ADB shell commands, interact with UI elements, and access the local file system to save/read screenshots.
- Sanitization: No specific sanitization is performed on the visual data before it is interpreted by the vision model.
- [CREDENTIALS_UNSAFE]: The skill instructions provide best-practice guidance for managing sensitive API keys for AI models (e.g., Gemini, Qwen) using
.envfiles. No hardcoded credentials were detected in the skill content.
Audit Metadata