adb-uiautomator
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Detailed inspection of the skill's manifest, metadata, and instructions reveals no evidence of malicious intent, unauthorized data access, or deceptive practices.
- [COMMAND_EXECUTION]: The skill invokes several local Python scripts (e.g.,
adb-uiautomator-launch.py,adb-uiautomator-check.py) using theuv runcommand. These scripts are contained within the skill's local directory and are used for their intended purpose of Android device automation. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it reads and processes UI element data from external Android applications. An attacker-controlled application could display content designed to influence the agent's behavior.
- Ingestion points: UI element detection and monitoring via uiautomator2 as described in SKILL.md.
- Boundary markers: No specific delimiters or "ignore instructions" warnings are defined for the processed UI data.
- Capability inventory: The skill can execute local Python scripts and interact with devices via ADB.
- Sanitization: The analyzed files do not describe any mechanisms for sanitizing or filtering text retrieved from application interfaces.
Audit Metadata