mobilerun-docs

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Full Analysis
  • [DYNAMIC_EXECUTION]: The framework calls importlib.import_module in several locations (mobilerun/agent/external/__init__.py, mobilerun/config_manager/migrations/__init__.py) to load external agents and configuration migration scripts. This is a standard architectural pattern for plugin systems and does not pose a risk in this context, because the module names are derived from internal directory structures.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes live device data (UI hierarchy, application lists, app cards), which could contain malicious instructions planted by third-party apps. To mitigate this risk, the framework wraps untrusted data in XML-like boundary markers (e.g., <device_state>, <app_card>) and instructs the agents to distinguish between system instructions and device context.
  • [CREDENTIALS_UNSAFE]: The framework includes a dedicated CredentialManager and a type_secret tool to handle sensitive information like API keys and passwords. These features allow the agent to input secrets into the device without exposing the actual values in logs, prompt history, or terminal output. No hardcoded user credentials were found in the codebase.
  • [DATA_EXFILTRATION]: The framework includes anonymous telemetry via PostHog to collect usage statistics. This can be disabled by setting the MOBILERUN_TELEMETRY_ENABLED environment variable to false. Additionally, tracing integrations for Arize Phoenix and Langfuse are available but must be explicitly enabled by the user.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 27, 2026, 01:42 AM