appfunctions

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes adb shell commands (e.g., adb shell cmd app_function) to interact with connected Android devices or emulators. This is standard functionality for Android development and testing tools.
  • [PROMPT_INJECTION]: The skill instructions in references/adb-interaction-testing.md direct the agent to treat the description field in AppFunction metadata as a set of mandatory instructions. This creates an indirect prompt injection surface where a processed application could potentially provide malicious metadata to influence the agent.
      • Ingestion points: The output of adb shell cmd app_function list-app-functions contains the description metadata field in JSON format.
      • Boundary markers: Absent; the agent is instructed to rigorously follow any instructions found within the description string.
      • Capability inventory: The skill enables execution of functions on the device (execute-app-function) and management of function states (set-enabled).
      • Sanitization: No sanitization is performed on the metadata before the agent is instructed to follow it.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 07:59 PM