mobile-security
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch documentation and code summaries from the author's GitHub repository (gmh5225/awesome-game-security) to supplement its knowledge. These are text-based resources used to provide detailed technical context to the user.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface as it ingests data from external repository archives. Evidence: 1. Ingestion points: archive, README, and description URLs defined in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: The skill body contains instructional text but does not define automated tool execution or file-system writing capabilities. 4. Sanitization: Absent. The risk is considered low as the ingestion is scoped to research data from the author's repository.
- [COMMAND_EXECUTION]: The skill contains numerous instructional examples for using reverse engineering and memory manipulation tools (e.g., apktool, jadx, Frida, GameGuardian). These are provided as static documentation for the user's reference and are not instructions for the agent to execute code on the host environment.
Audit Metadata