android-apk-patch
Warn
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The instructions involve downloading various reverse engineering tools and setup scripts from both official domains and personal GitHub repositories.- [REMOTE_CODE_EXECUTION]: The workflow includes downloading scripts and executing them with sudo, as well as a curl-to-bash pattern for Waydroid initialization.- [COMMAND_EXECUTION]: Employs powerful system tools including ADB, Frida, and Apktool to modify and interact with Android systems.- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection via processed APK data.
- Ingestion points: User-provided APK files decompiled via apktool in SKILL.md.
- Boundary markers: None present to protect the agent from instructions embedded in APK resources.
- Capability inventory: High-privilege tools like adb, frida, and python3 are used as described across all files.
- Sanitization: No sanitization or validation of the APK content is performed before processing.
Audit Metadata