maestro-ui-testing
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute the official Maestro installation script from
https://get.maestro.mobile.devusing thecurl | bashpattern. - [EXTERNAL_DOWNLOADS]: Fetches the Maestro CLI and related dependencies from official repositories, including the vendor's domain and Homebrew.
- [COMMAND_EXECUTION]: Orchestrates the execution of
maestro,adb, andxcruncommands for device management, application testing, and UI hierarchy inspection. - [DATA_EXFILTRATION]: Utilizes a built-in JavaScript HTTP client for making network requests to external APIs, intended for test setup and backend verification purposes.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection by ingesting and asserting against UI content (text labels, accessibility IDs) from the application under test.
- Ingestion points: Application UI elements and hierarchical data retrieved via
assertVisible,tapOn, andmaestro hierarchycommands. - Boundary markers: None identified for separating UI content from agent instructions.
- Capability inventory: Shell command execution via the
maestroCLI and arbitrary network requests via the JavaScripthttpclient. - Sanitization: No evidence of validation or sanitization of UI-derived strings before they are processed by the agent.
Audit Metadata