Skills
skills/new-silvermoon/awesome-android-skills/android-emulator-skill/Gen Agent Trust Hub

android-emulator-skill

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently executes system commands to interact with the Android SDK and build tools.
  • It utilizes subprocess.run and subprocess.Popen to invoke adb, emulator, and gradlew.
  • To prevent command injection, the scripts pass arguments as lists rather than shell strings.
  • The keyboard.py and navigator.py scripts specifically use shlex.quote() to sanitize user-provided text before it is sent to the adb shell input text command.
  • [DATA_EXPOSURE]: The skill retrieves UI hierarchy data and device logs as part of its core functionality.
  • screen_mapper.py dumps the UI XML to the device's storage and pulls it locally for analysis to identify interactive elements.
  • log_monitor.py captures and displays real-time logs via adb logcat.
  • This behavior is standard for Android automation and testing tools.
  • [PROMPT_INJECTION]: Potential for indirect prompt injection through the processing of untrusted data.
  • Ingestion points: The skill reads UI text and content descriptions from third-party applications via screen_mapper.py and monitors system-wide logs in log_monitor.py.
  • Boundary markers: Not applicable, as these are standalone scripts rather than LLM prompt templates.
  • Capability inventory: The skill has significant capabilities, including installing/uninstalling applications, running build tasks, and sending input events to the device.
  • Sanitization: While shell command injection is mitigated via shlex.quote(), the AI agent should be cautious if it makes decisions based on the content of the logs or UI text, as these could contain adversarial instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 08:22 AM