android-development

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill documents and enforces industry-standard security practices for Android applications. This includes the mandatory use of EncryptedSharedPreferences for sensitive data (with platform-specific crash mitigations), secure certificate pinning for API communication, and the use of network security configurations to prevent cleartext traffic. The instructions also emphasize the removal of sensitive logs in production builds using R8/ProGuard rules.
  • [COMMAND_EXECUTION]: The skill defines legitimate development workflows involving standard tools. This includes Gradle commands (./gradlew installDebug, ./gradlew assembleRelease) for building and deploying applications, and openssl commands for extracting server certificate pins for security configuration. These operations are standard for Android app development and are performed within the developer's local environment.
  • [PROMPT_INJECTION]: The skill's architecture involves ingesting project-specific context and constraints (Ingestion point: SKILL.md), which is used to generate or review Android code. While this establishes a surface for indirect prompt injection from malicious project files, no evidence of malicious instructions or bypass attempts was found within the skill itself (Capability: command execution and file writing; Sanitization: absent; Boundary markers: absent).
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 08:46 AM