The Agent Skills Directory

[COMMAND_EXECUTION]: The skill is centered around executing bash scripts (located in the scripts/ directory) and raw adb commands. These scripts perform high-privilege operations such as modifying device settings (adb-settings-theme), managing packages (packagename uninstall), and capturing screen data.
[PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by processing output from external, potentially untrusted Android devices.
Ingestion points: Commands like scripts/adb-logcat-package, scripts/wearableservice-items, and dumpsys ingest arbitrary text from the device's logs and system services.
Boundary markers: There are no instructions or delimiters provided to ensure the agent ignores or sanitizes instructions embedded within device output.
Capability inventory: The skill provides significant capabilities, including file system access and the ability to execute system commands, which could be exploited if an attacker-controlled application on the connected device writes malicious instructions to the logcat.
Sanitization: The skill does not implement any sanitization or validation of the data retrieved from the Android device before presenting it to the agent.

adb