dogfood
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
agent-deviceCLI andnpx agent-deviceto execute commands for mobile application testing (iOS/Android). - [EXTERNAL_DOWNLOADS]: The skill references the
agent-deviceNode package. It proactively addresses supply chain security by instructing the agent to never autonomously run installation or upgrade commands (e.g.,npm install -gornpx -y ...@latest), instead requiring a user-provided trusted binary. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to analyze the runtime content of mobile applications (snapshots and screenshots).
- Ingestion points: Mobile app snapshots and screenshots captured via the
agent-devicetool (SKILL.md). - Boundary markers: No explicit markers are defined to separate untrusted app data from agent instructions.
- Capability inventory: Restricted shell access limited to the
agent-devicetoolset (SKILL.md). - Sanitization: No specific filtering or escaping is implemented for text found within the tested applications.
Audit Metadata