Skills
skills/meta-quest/agentic-tools/hz-vr-debug/Gen Agent Trust Hub

hz-vr-debug

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and execute the @meta-quest/hzdb package from the npm registry. This is a vendor-owned utility provided by the skill author.
  • [PROMPT_INJECTION]: The skill reads device logs and pulls files which may contain untrusted data, creating a surface for indirect prompt injection.
  • Ingestion points: Command examples for log reading (hzdb log, hzdb adb logcat) and file retrieval (hzdb files pull) in SKILL.md.
  • Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the agent instructions.
  • Capability inventory: The skill has the capability to install APKs, delete files, and manage applications on the connected device via the hzdb CLI.
  • Sanitization: No sanitization or filtering is applied to the content retrieved from the device before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 05:21 PM
Security Audit — agent-trust-hub — hz-vr-debug