hmos-multidevice-natural-orientation

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No evidence of instructions attempting to override agent behavior, bypass safety filters, or extract system prompts was found. The instructions are strictly focused on technical HarmonyOS adaptation logic.
  • [DATA_EXFILTRATION]: No network exfiltration patterns, hardcoded credentials, or unauthorized access to sensitive files were detected. The skill uses standard HarmonyOS system APIs (display, window, sensor) within their intended scope for UI management.
  • [REMOTE_CODE_EXECUTION]: No remote script execution patterns (e.g., curl|bash) or dynamic code execution via eval/exec were found. It mentions a standard package (@hadss/adaptive_video) from the OpenHarmony Package Manager (OHPM), which is standard for the ecosystem.
  • [COMMAND_EXECUTION]: Shell commands found in the documentation (e.g., hdc shell hidumper) are standard developer debugging tools for the HarmonyOS/OpenHarmony platform and are presented as documentation for troubleshooting, not as automated payloads.
  • [OBFUSCATION]: The code and markdown files are in plain text. No Base64, zero-width characters, homoglyphs, or other obfuscation techniques were used to hide content.
  • [PRIVILEGE_ESCALATION]: The skill does not attempt to gain administrative or root privileges. It operates within the standard HarmonyOS application sandbox using legitimate system kits.
  • [INDIRECT_PROMPT_INJECTION]: While the skill processes system events (screen size changes), it does not ingest or process untrusted natural language data that could be used for injection attacks.
  • [DYNAMIC_EXECUTION]: The code uses standard runtime event listeners (display.on, window.on) to respond to system events. There is no runtime code generation or unsafe deserialization of untrusted data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 11:57 AM
Security Audit — agent-trust-hub — hmos-multidevice-natural-orientation