The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/agent.py executes shell commands using subprocess.run to interact with adb and drozer. The implementation uses list-based arguments rather than shell strings, which is a secure practice to prevent command injection on the host system.
[SAFE]: The tool scripts/process.py parses AndroidManifest.xml files to identify security configurations. While this involves processing untrusted XML data, the script uses the standard xml.etree.ElementTree library for extraction purposes.
[PROMPT_INJECTION]: The skill ingests untrusted data from Android manifests and tool outputs to generate reports and test commands. This constitutes a surface for indirect prompt injection.
Ingestion points: AndroidManifest.xml (parsed in scripts/process.py) and outputs from adb and drozer commands (processed in scripts/agent.py).
Boundary markers: The skill relies on structural parsing (XML) and regex pattern matching rather than explicit LLM-oriented boundary markers.
Capability inventory: The skill performs local command execution (adb, drozer) and file system writes (report generation) via subprocess.run and standard file I/O.
Sanitization: Employs list-based subprocess calls which prevent host-level command injection; however, it lacks explicit sanitization for the content of the generated reports based on the ingested data.

testing-android-intents-for-vulnerabilities