The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it provides keywords like Get Text and Get Source (documented in assets/examples/android-basic.robot and assets/examples/hybrid-app.robot) which ingest untrusted data from third-party mobile applications into the agent context. There are no boundary markers or sanitization instructions to mitigate the risk of an agent following malicious commands embedded within an application's UI.
[COMMAND_EXECUTION]: The documentation in references/android-specific.md explains the use of mobile: shell via the Execute Script keyword, which allows the execution of arbitrary shell commands on a connected Android device. While this is a standard feature for advanced mobile automation, it provides a high-privilege interface to the device's operating system.

appium