agent-device
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates extensive control over mobile devices through the
agent-deviceCLI, allowing for app lifecycle management, UI interaction via coordinates and selectors, and modification of system permissions. - [EXTERNAL_DOWNLOADS]: The
install-from-sourcecommand allows for the automated download and installation of application binaries from remote URLs provided during runtime. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its data ingestion patterns.
- Ingestion points: Data is ingested from external mobile applications via
snapshot -i(UI element labels and text),logs path(application log files), andnetwork dump(captured HTTP traffic). - Boundary markers: The provided instructions do not specify the use of delimiters or 'ignore' instructions to isolate the agent from potentially malicious text embedded within the mobile application's UI or log output.
- Capability inventory: The agent has high-privilege capabilities including installing software, entering text, and clicking elements, which could be triggered by instructions hidden in the data it processes.
- Sanitization: The skill does not mention validation or sanitization of strings extracted from the mobile environment before they are added to the agent's context.
Audit Metadata