The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from a connected Android device.
Ingestion points: The agent is instructed to read view.xml (UI hierarchy) and inspect screen.png (screenshot) captured from the device.
Boundary markers: There are no instructions for the agent to use delimiters or ignore potential commands embedded within the text properties of the UI elements.
Capability inventory: The skill possesses extensive capabilities including execution of shell commands via Bash(adb:*) and ./gradlew, as well as file system operations via Read and Glob tools.
Sanitization: No sanitization or validation logic is specified for the text content parsed from the UI hierarchy, allowing text from arbitrary third-party apps to enter the agent's context.
[COMMAND_EXECUTION]: The skill relies on executing shell commands to perform its core functions.
Evidence: Instructions include the use of adb shell input, adb pull, and ./gradlew installDebug to manage the device and install application builds.
Context: These commands are standard for Android development and testing workflows and are consistent with the skill's stated purpose of device interaction.

interacting-with-android-device