play-policy-insights
Pass
Audited by Gen Agent Trust Hub on Jul 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts within its own repository, specifically
orchestrator.pyandgenerate_report.py, to initialize the environment, perform static analysis, and synthesize the final audit report. - [EXTERNAL_DOWNLOADS]: The skill fetches official application metadata and Data Safety declarations from the Google Play Store (
play.google.com) to cross-reference against detected codebase behaviors. This is used solely for compliance verification. - [PROMPT_INJECTION]: The skill processes untrusted code and configuration files from a target Android application and interpolates identified evidence directly into prompts for specialized sub-agents, creating a surface for indirect prompt injection.
- Ingestion points: Ingests all source files, manifests, and build configurations from the target application directory.
- Boundary markers: The markdown templates used to generate sub-agent prompts lack explicit boundary markers or isolation instructions for interpolated evidence.
- Capability inventory: The skill spawns sub-agents with full reasoning and file-writing capabilities to perform the audit tasks.
- Sanitization: Untrusted data is interpolated into prompt templates without specific escaping or sanitization to prevent the execution of embedded instructions.
Audit Metadata