harmonyos-device-automation
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill executes
npx @midscene/harmony@1, which fetches and runs code from the npm registry during execution. This is a standard but external dependency mechanism.\n- [COMMAND_EXECUTION]: The skill relies on thehdc(HarmonyOS Device Connector) utility to perform shell commands, launch applications, and manage device state on connected hardware or emulators.\n- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection due to its vision-based automation approach.\n - Ingestion points: The skill ingests untrusted data in the form of device screenshots via the
take_screenshotandactcommands.\n - Boundary markers: No delimiters or instructions are used to prevent the AI from following commands that might be visible on the device screen.\n
- Capability inventory: Capabilities include executing shell commands on the mobile device, running remote packages via
npx, and performing various UI interactions.\n - Sanitization: Visual content is not sanitized before being interpreted by the AI model, which could lead to the agent obeying instructions displayed within a captured application screen.
Audit Metadata