exploiting-deeplink-vulnerabilities

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE [COMMAND_EXECUTION]
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py utilizes the subprocess.check_output function to invoke the Android Debug Bridge (ADB) command-line tool. This is a functional requirement of the skill to programmatically trigger deep link handling on a connected mobile device or emulator for vulnerability assessment. The implementation uses list-based execution, which mitigates standard shell injection risks.
  • [COMMAND_EXECUTION]: The documentation in SKILL.md and automated generation in scripts/process.py provide various adb shell am start commands. These commands are designed to test for vulnerabilities such as open redirects, path traversal, and JavaScript injection within the target application's WebView. This behavior is consistent with the skill's primary purpose as a penetration testing tool.
  • [SAFE]: The skill processes mobile application configuration files (AndroidManifest.xml and Info.plist) to identify potential attack surfaces. While these are external data sources, the processing is handled using standard libraries and regular expressions for analysis purposes.
  • Ingestion points: AndroidManifest.xml and Info.plist files are ingested and parsed in scripts/agent.py and scripts/process.py.
  • Boundary markers: None present; the skill treats the configuration files as structured data to be parsed.
  • Capability inventory: Command execution via adb in scripts/agent.py and local file read/write for report generation.
  • Sanitization: The scripts use standard XML parsing (ElementTree) and regex for extraction. Parameters used in command execution are passed via argument lists rather than shell strings.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 10:26 AM