skills/openharmonyinsight/openharmony-skills/hmos-multidevice-natural-orientation/Gen Agent Trust Hub
hmos-multidevice-natural-orientation
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No evidence of instructions attempting to override agent behavior, bypass safety filters, or extract system prompts was found. The instructions are strictly focused on technical HarmonyOS adaptation logic.
- [DATA_EXFILTRATION]: No network exfiltration patterns, hardcoded credentials, or unauthorized access to sensitive files were detected. The skill uses standard HarmonyOS system APIs (display, window, sensor) within their intended scope for UI management.
- [REMOTE_CODE_EXECUTION]: No remote script execution patterns (e.g., curl|bash) or dynamic code execution via eval/exec were found. It mentions a standard package (@hadss/adaptive_video) from the OpenHarmony Package Manager (OHPM), which is standard for the ecosystem.
- [COMMAND_EXECUTION]: Shell commands found in the documentation (e.g., hdc shell hidumper) are standard developer debugging tools for the HarmonyOS/OpenHarmony platform and are presented as documentation for troubleshooting, not as automated payloads.
- [OBFUSCATION]: The code and markdown files are in plain text. No Base64, zero-width characters, homoglyphs, or other obfuscation techniques were used to hide content.
- [PRIVILEGE_ESCALATION]: The skill does not attempt to gain administrative or root privileges. It operates within the standard HarmonyOS application sandbox using legitimate system kits.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes system events (screen size changes), it does not ingest or process untrusted natural language data that could be used for injection attacks.
- [DYNAMIC_EXECUTION]: The code uses standard runtime event listeners (display.on, window.on) to respond to system events. There is no runtime code generation or unsafe deserialization of untrusted data.
Audit Metadata