workers-app-tester

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUM (CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to set the environment variable ANDROID_APP_TESTER_PRESERVE_AUTH=1. When enabled, the scripts/capture.py script logs sensitive authentication headers (such as Authorization, Cookie, x-api-key) in plaintext to the traffic.jsonl log file, which may result in credential exposure if the session directory is not properly secured.
  • [REMOTE_CODE_EXECUTION]: The documentation in references/frida.md encourages the use of the frida --codeshare command to download and execute unverified scripts from various third-party contributors on the Frida codeshare platform (e.g., pcipolloni, masbog, TheDauntless). This bypasses standard security reviews and executes remote code on the local machine and the connected Android device.
  • [COMMAND_EXECUTION]: The skill makes extensive use of adb shell "su -c ..." to execute commands with root privileges on the target Android device. While consistent with the stated purpose of testing on a rooted device, this represents a significant privilege level that could be abused if the agent is misdirected into running arbitrary commands via the elevated shell.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from the target application's UI hierarchy (via scripts/ui.py) and network traffic (via scripts/capture.py). Malicious strings embedded in the application under test (e.g., in element labels or API responses) could potentially influence the agent's logic or subsequent commands, as there are no boundary markers or sanitization layers to isolate this external content from the agent's instructions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 10, 2026, 06:09 AM