Skills
skills/elementalsouls/claude-bughunter/apk-redteam-pipeline/Gen Agent Trust Hub

apk-redteam-pipeline

Pass

Audited by Gen Agent Trust Hub on May 24, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the jadx decompiler from a repository on GitHub and downloads APK files from repositories including APKPure and APKMirror.
  • [REMOTE_CODE_EXECUTION]: Installs third-party security tools frida-tools and objection via the Python package manager (pip).
  • [COMMAND_EXECUTION]: Automates the execution of multiple command-line utilities including unzip, 7z, jadx, apktool, openssl, and adb to process external data.
  • [DATA_EXFILTRATION]: Performs network requests to external domains (e.g., Google Play Store, Firebase, and APK mirrors) to facilitate APK discovery and configuration testing.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted binary files (APKs) from public sources, which constitutes a surface for indirect attacks targeting the agent's analysis tools.
  • Ingestion points: SKILL.md (Stage 1)
  • Downloads APK files from d.apkpure.net, apkmirror.com, and other external URLs.
  • Boundary markers: Absent. No delimiters or warnings are used for the content being analyzed.
  • Capability inventory: SKILL.md (Stages 1, 2, 4, 5, 7)
  • Executes unzip, 7z, jadx, apktool, openssl, adb, frida, and objection on external files.
  • Sanitization: Absent. No validation or sanitization is performed on the downloaded binary files before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 24, 2026, 01:58 AM
Security Audit — agent-trust-hub — apk-redteam-pipeline