android-pentesting-tricks
Audited by Socket on Apr 9, 2026
2 alerts found:
Security / Malware
SUSPICIOUS: the skill is internally consistent as an Android pentesting playbook, but it gives an AI agent explicit offensive security capabilities, sensitive-data extraction procedures, and transitive loading of related attack skills. The main risk is not hidden malware but enabling high-impact exploitation and data access through the agent.
High-risk dual-use offensive Frida instrumentation. It implements multiple explicit bypasses (SSL pinning, root detection, biometric auth) and direct extraction/exfiltration of sensitive data (cryptographic keys/plaintext/ciphertext, full SharedPreferences, intent extras, WebView-loaded content and JS execution). While framed as 'Android testing', the capabilities strongly match patterns of unauthorized interception and credential theft; the code should not be used outside controlled security testing and should be treated as malicious-ready tooling.