dogfood
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands via the agent-device tool to automate mobile app interactions, including navigation, state capture, and recording.
- [EXTERNAL_DOWNLOADS]: The skill utilizes npx to fetch and run the agent-device package from the npm registry, which is a well-known service.
- [PROMPT_INJECTION]: The skill processes untrusted data from mobile applications, creating a surface for indirect prompt injection.
- Ingestion points: Application snapshots and logs are read into the agent context from the mobile device in SKILL.md.
- Boundary markers: The instructions lack explicit delimiters or warnings to ignore instructions embedded in the mobile app UI.
- Capability inventory: The agent has access to the agent-device tool and shell execution capabilities.
- Sanitization: No sanitization of ingested UI text or logs is described before processing.
Audit Metadata