android-apk-patch

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content contains explicit, intentional techniques to bypass app protections and implant persistent/system-level modifications—e.g., smali patches that force license/permission checks to always succeed, Frida scripts to bypass SSL pinning/root/signature checks, signature‑spoofing and Magisk module instructions (including Play Integrity bypass tools), and guidance for re-signing and distributing patched APKs—capabilities that directly enable piracy, tampering, persistence and supply‑chain or system compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (e.g., Section 2.1 "Analyze with jadx target.apk" and Section 3.1/3.2 which instructs extracting/merging APKs from public sources like APKMirror/.xapk/.apks and downloading GmsCore/ReVanced from GitHub) explicitly directs ingesting and interpreting untrusted, public third‑party APKs/releases, which can materially affect patching actions and tool behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt contains numerous instructions that require root/sudo (installing packages, modprobe, moving files to /usr/local/bin, docker setup, editing /system, Magisk/root modules) and describes bypassing security mechanisms (signature spoofing, Play Integrity/attestation workarounds), which explicitly push privileged and state-modifying actions on the host/device.