adb-magisk
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted UI text from the Android device to drive automation logic.
- Ingestion points: Data enters the agent context via screen text detection in adb-magisk-launch.py (wait-text) and the adb-wait-for action in the .toon workflows.
- Boundary markers: None identified; there are no clear delimiters or instructions to ignore embedded commands within the captured UI text.
- Capability inventory: The skill can install system modules, modify Zygisk settings, and trigger device reboots via ADB-based Python scripts.
- Sanitization: There is no evidence of content sanitization or validation of the screen text before it is used to satisfy workflow conditions.
Audit Metadata