frida-stalker-android

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Full Analysis
  • [SAFE] (SAFE): The skill follows secure coding practices for Frida instrumentation and focuses on its stated goal of native code tracing.
  • [COMMAND_EXECUTION] (SAFE): The skill exclusively uses the Frida JavaScript API for logic. No dangerous subprocess spawning or shell command execution patterns were found.
  • [DATA_EXFILTRATION] (SAFE): Tracing data (call summaries and events) is transmitted to the local Frida host session via the standard send() function. There are no unauthorized network requests or connections to external domains.
  • [EXTERNAL_DOWNLOADS] (SAFE): No remote scripts, binaries, or third-party packages are downloaded or executed. All logic is self-contained in the provided JavaScript templates.
  • [PROMPT_INJECTION] (SAFE): The SKILL.md and documentation contain no instructions designed to override agent safety protocols or hijack the AI's persona.
  • [INDIRECT_PROMPT_INJECTION] (LOW): As a tracing tool, the skill naturally ingests and displays data from the target process (e.g., function arguments). While this is external data, the skill's role is diagnostic (display-only), and it does not make side-effect-heavy decisions based on this untrusted content.
  • [AUTOMATED_SCAN_NOTE] (INFO): The malicious URL alert for 'libc.so' is dismissed as a false positive. 'libc.so' is the standard C library on Android and its use in filtering/symbolication is a routine and safe operation.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 12:18 AM