adb-magisk-installer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly downloads Magisk APKs and device boot images from public GitHub releases (see "Download Magisk APK and boot image from GitHub releases" and adb-magisk-download.py) and then installs/patches/flashes those artifacts as part of its workflow, so untrusted third‑party content is ingested and can materially influence subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's adb-magisk-download.py explicitly downloads the Magisk APK and boot images at runtime from GitHub releases (via the GitHub API / https://github.com/), fetching remote executable binaries that the workflow requires and which are installed/executed on the target device.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly automates installing Magisk, patching and flashing boot images via adb/fastboot to enable rooting and Play Integrity bypass—system-level modifications and security bypasses on the target device—so it directs the agent to compromise a machine's/system image state.