maestro-ui-testing

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute the official Maestro installation script from https://get.maestro.mobile.dev using the curl | bash pattern.
  • [EXTERNAL_DOWNLOADS]: Fetches the Maestro CLI and related dependencies from official repositories, including the vendor's domain and Homebrew.
  • [COMMAND_EXECUTION]: Orchestrates the execution of maestro, adb, and xcrun commands for device management, application testing, and UI hierarchy inspection.
  • [DATA_EXFILTRATION]: Utilizes a built-in JavaScript HTTP client for making network requests to external APIs, intended for test setup and backend verification purposes.
  • [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection by ingesting and asserting against UI content (text labels, accessibility IDs) from the application under test.
  • Ingestion points: Application UI elements and hierarchical data retrieved via assertVisible, tapOn, and maestro hierarchy commands.
  • Boundary markers: None identified for separating UI content from agent instructions.
  • Capability inventory: Shell command execution via the maestro CLI and arbitrary network requests via the JavaScript http client.
  • Sanitization: No evidence of validation or sanitization of UI-derived strings before they are processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 06:43 AM
Security Audit — agent-trust-hub — maestro-ui-testing