reverse-engineering-android-malware-with-jadx

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/agent.py file executes CLI tools (apktool, jadx) via subprocess.run. The implementation uses list-based arguments and the default shell=False setting, which prevents command injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill processes untrusted APK files and extracts strings (URLs, IPs, code snippets) which are presented to the AI agent. This constitutes an Indirect Prompt Injection surface.
      * Ingestion points: Data is read from external APK files provided by the user in scripts/agent.py.
      * Boundary markers: Extracted strings are included in the report output without delimiters or isolation instructions.
      * Capability inventory: The skill has the capability to execute shell commands and write to the filesystem via the analysis script.
      * Sanitization: No sanitization or escaping is performed on data extracted from the APK before it is displayed to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 03:22 AM