mobile-testing
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Several Python scripts in the scripts directory use subprocess.call to execute local helper scripts (e.g., convert_formats.py) using sys.executable. This is used for format conversion logic and does not involve remote code execution or shell-specific vulnerabilities.
- [PROMPT_INJECTION]: The skill processes untrusted project context in prompts/mobile-testing.md. It lacks boundary markers and sanitization while possessing capabilities like file writing and local script execution, creating a surface for indirect prompt injection from malicious project descriptions.
- [SAFE]: No hardcoded credentials, network exfiltration patterns, or obfuscated content were detected in the provided files.
Audit Metadata