Mobile Application Security Testing

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly directs searching for and reporting hardcoded credentials and even includes example API keys/tokens (e.g., "AIzaSy...", "sk_live_..."), which means the agent is expected to surface secret values verbatim in analysis outputs and reports.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). High risk: although presented as a legitimate mobile app security testing guide, it contains explicit, actionable techniques for bypassing SSL pinning and root detection, installing Frida servers, modifying/repacking APKs, extracting sensitive data via ADB/SharedPreferences/SQLite and performing SQL injection and component exploitation with Drozer—capabilities that enable data exfiltration, credential theft, remote code execution and system compromise if misused.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the operator to perform "App store research" including reading user reviews (user-generated content) and to fetch/use third-party scripts/releases from public sites (e.g., GitHub and codeshare.frida.re), which the agent would consume and interpret as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 02:57 AM