dragonjar-android-pentesting-skill
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates various command-line utilities including apktool, jadx, frida, and adb to perform static and dynamic analysis of Android binaries. These operations are necessary for the skill's primary function of security auditing.
- [EXTERNAL_DOWNLOADS]: The documentation guides users to install several third-party security tools via package managers (`pip3 install frida-tools objection apkid` and `brew install apktool jadx semgrep`). It also references cloning the skill's core logic from a GitHub repository (github.com/DragonJAR/Android-Pentesting-Skill).
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process data from untrusted APK files, including strings and decompiled source code. This represents a known attack surface where a maliciously crafted APK could attempt to influence the agent's output, though this is a standard risk for security analysis tools.
- [DATA_EXPOSURE]: The skill explicitly searches for and reports on hardcoded credentials (like API keys) within analyzed APKs. Analysis confirms these findings are used for legitimate security reporting and are not exfiltrated to unauthorized third-party servers.
Audit Metadata