skills/callstack/agent-device/dogfood/Gen Agent Trust Hub

dogfood

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the agent-device CLI and npx agent-device to execute commands for mobile application testing (iOS/Android).
  • [EXTERNAL_DOWNLOADS]: The skill references the agent-device Node package. It proactively addresses supply chain security by instructing the agent to never autonomously run installation or upgrade commands (e.g., npm install -g or npx -y ...@latest), instead requiring a user-provided trusted binary.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to analyze the runtime content of mobile applications (snapshots and screenshots).
  • Ingestion points: Mobile app snapshots and screenshots captured via the agent-device tool (SKILL.md).
  • Boundary markers: No explicit markers are defined to separate untrusted app data from agent instructions.
  • Capability inventory: Restricted shell access limited to the agent-device toolset (SKILL.md).
  • Sanitization: No specific filtering or escaping is implemented for text found within the tested applications.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:02 AM
Security Audit — agent-trust-hub — dogfood