play-policy-insights

Pass

Audited by Gen Agent Trust Hub on Jul 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts within its own repository, specifically orchestrator.py and generate_report.py, to initialize the environment, perform static analysis, and synthesize the final audit report.
  • [EXTERNAL_DOWNLOADS]: The skill fetches official application metadata and Data Safety declarations from the Google Play Store (play.google.com) to cross-reference against detected codebase behaviors. This is used solely for compliance verification.
  • [PROMPT_INJECTION]: The skill processes untrusted code and configuration files from a target Android application and interpolates identified evidence directly into prompts for specialized sub-agents, creating a surface for indirect prompt injection.
  • Ingestion points: Ingests all source files, manifests, and build configurations from the target application directory.
  • Boundary markers: The markdown templates used to generate sub-agent prompts lack explicit boundary markers or isolation instructions for interpolated evidence.
  • Capability inventory: The skill spawns sub-agents with full reasoning and file-writing capabilities to perform the audit tasks.
  • Sanitization: Untrusted data is interpolated into prompt templates without specific escaping or sanitization to prevent the execution of embedded instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 11, 2026, 11:41 AM
Security Audit — agent-trust-hub — play-policy-insights