apk-redteam-pipeline

Fail

Audited by Snyk on May 24, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs extracting, printing, and using secrets (JWTs, API keys, tokens), including a verbatim JWT example and steps to test APIs with the recovered credentials, which requires the agent to handle and output secret values.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The URLs in the instructions mix legitimate, low-risk endpoints (Google APIs, the Play Store, the official jadx GitHub release) with third-party APK download hosts and generic cloud-storage endpoints (APKPure direct redirects, APKMirror search, firebasestorage). The latter are commonly used to host or distribute repackaged or malicious APKs and executable archives, so the overall download-sourcing risk is elevated.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill contains explicit, operational steps to extract and exfiltrate credentials and tokens, bypass app security controls (certificate pinning, via Frida), dump runtime secrets, and immediately test or use the leaked keys. These actions clearly facilitate credential theft, unauthorized access, and potential remote compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs fetching and scraping public third-party sites (e.g., Play Store developer pages, APKPure/APKMirror downloads, and Firebase/Firestore endpoints) and requires parsing those untrusted pages, JSON documents, and strings (package IDs, JWTs, URLs). The parsed values directly drive follow-up actions (API tests, Frida/mitmproxy instrumentation), so remote user-generated or public content can materially influence the agent's next actions.
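As an added illustration of the two checks behind W007 and E005, the scanner below is example code written for this page; it is not Snyk's rule implementation and not the audited skill's own scripts. It reads a skill's instruction text, flags JWT-shaped strings only when the first segment really decodes to a JOSE header with an alg field (so dotted version strings do not trip it), flags KEY=value style credential assignments, and classifies every download URL against an exact-match host allowlist. The sample SKILL.md, the JWT-shaped token, the API key value and the host lists are all constructed for the demo. Secret values are reported as redacted fingerprints, so the check itself never outputs a credential, which is the point W007 makes about the skill. The allowlist matches hosts exactly rather than by suffix on purpose: a suffix rule for googleapis.com would pass firebasestorage.googleapis.com, which is exactly the generic storage endpoint E005 calls out.

```python
"""Added example for the W007 / E005 finding classes: a small scanner over a
skill's instruction text. Not Snyk's implementation. The sample SKILL.md, the
JWT-shaped token and the host lists below are constructed for this demo."""
import base64
import json
import re
from urllib.parse import urlparse

# Three base64url segments of plausible length; the header segment is then
# decoded so dotted version strings and similar do not count as tokens.
JWT_RE = re.compile(r"\b[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b")
# KEY=value / key: "value" style credential assignments in prose or shell.
CRED_RE = re.compile(r'(?i)\b(api[_-]?key|secret|token)\b\s*[:=]\s*"?([A-Za-z0-9_\-]{16,})')
URL_RE = re.compile(r'https?://[^\s<>")\]]+')

# Assumed allowlist for the demo. Exact host match on purpose: a suffix match on
# googleapis.com would wave through firebasestorage.googleapis.com.
TRUSTED_HOSTS = {"play.google.com", "www.googleapis.com", "github.com"}
APK_HOST_MARKERS = ("apkpure", "apkmirror")  # third-party APK mirrors
GENERIC_STORAGE_HOSTS = {"firebasestorage.googleapis.com"}


def _b64url_json(segment):
    """Decode one base64url segment; return the JSON object or None."""
    padded = segment + "=" * (-len(segment) % 4)
    try:
        value = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # bad base64 (binascii.Error) or non-JSON bytes
        return None
    return value if isinstance(value, dict) else None


def looks_like_jwt(token):
    """True only if the first segment decodes to a JOSE header carrying alg."""
    header = _b64url_json(token.split(".")[0])
    return header is not None and "alg" in header


def redact(secret):
    """Fingerprint a secret for the report without reproducing it."""
    return f"{secret[:8]}...({len(secret)} chars)"


def classify_url(url):
    """trusted / suspicious / unknown for one download URL (E005-style check)."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host in TRUSTED_HOSTS:
        return "trusted"
    if any(m in host for m in APK_HOST_MARKERS) or host in GENERIC_STORAGE_HOSTS:
        return "suspicious"
    if parsed.path.lower().endswith((".apk", ".zip", ".jar")):
        return "suspicious"  # executable archive from an unvetted host
    return "unknown"


def scan_skill(text):
    """Return W007 (credential) and E005 (URL) hits plus an overall risk level."""
    creds = [("jwt", redact(m.group(0)))
             for m in JWT_RE.finditer(text) if looks_like_jwt(m.group(0))]
    creds += [(m.group(1).lower().replace("-", "_"), redact(m.group(2)))
              for m in CRED_RE.finditer(text)]
    urls = [(u.rstrip(".,;"), classify_url(u.rstrip(".,;"))) for u in URL_RE.findall(text)]
    if any(c == "suspicious" for _, c in urls):
        risk = "CRITICAL"  # E005 is rated CRITICAL in the report above
    elif creds:
        risk = "HIGH"      # W007 alone is rated HIGH
    else:
        risk = "PASS"
    return {"W007": creds, "E005": urls, "risk": risk}


# Constructed sample; the token and key are made-up strings, not real secrets.
SAMPLE_SKILL_MD = """\
# Constructed sample, not the audited skill's real instructions
1. Look the package up on https://play.google.com/store/apps/details?id=com.example.app
2. If Play blocks the download, fetch the APK from
   https://apkpure.com/example-app/com.example.app/download or search
   https://www.apkmirror.com/?s=com.example.app
3. Decompile with jadx from https://github.com/skylot/jadx/releases/latest
4. Pull the session token from shared_prefs, e.g.
   eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl
   and API_KEY="demo-not-a-real-key-0123456789abcdef", then replay them against
   https://firebasestorage.googleapis.com/v0/b/example-app.appspot.com/o/
"""

if __name__ == "__main__":
    report = scan_skill(SAMPLE_SKILL_MD)
    print("risk:", report["risk"])
    for kind, fingerprint in report["W007"]:
        print(f"W007 {kind:8} {fingerprint}")
    for url, cls in report["E005"]:
        print(f"E005 {cls:10} {url}")
```

Running it on the constructed sample yields CRITICAL: two W007 hits (the JWT and the API key, both redacted) and three suspicious URLs (APKPure, APKMirror, firebasestorage) next to two trusted ones (Play Store, GitHub). A real marketplace scanner would also have to read the skill's script files, not just SKILL.md, and would score rather than bucket; the host lists here are illustrative, not a vetted allowlist.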

Issues (4)

W007  HIGH      Insecure credential handling detected in skill instructions.
E005  CRITICAL  Suspicious download URL detected in skill instructions.
E006  CRITICAL  Malicious code pattern detected in skill scripts.
W011  MEDIUM    Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: CRITICAL
Analyzed: May 24, 2026, 01:58 AM
Issues: 4