app-qa-audit

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it processes untrusted data to generate executable automation logic.
    • Ingestion points: Content is ingested from live webapp URLs, Android APK builds, and external documentation (SKILL.md).
    • Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions within the processed data.
    • Capability inventory: The skill generates executable Maestro YAML automation flows, Postman collections, and performs network/API extraction.
    • Sanitization: Absent; no logic is provided to sanitize or validate extracted content before it is used in prompt interpolation.
  • [COMMAND_EXECUTION]: The skill involves generating executable scripts and performing deep technical analysis.
    • Script Generation: Automatically generates .maestro/ packages and YAML flows for mobile E2E testing.
    • Reverse Engineering: Includes instructions to decode APK manifests and inspect Hermes bundles, which involves executing external utility tools.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 03:00 PM