agent-device
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes system tools such as
adb,simctl,sips, andffmpegfor managing device state and processing media. It also suggests generating and executing local bash scripts to perform interaction sequences quickly. - [DATA_EXFILTRATION]: Provides capabilities to read the iOS clipboard and pull files from Android devices using
adb pull. These operations are presented as standard features for mobile application testing and interaction. - [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection by ingesting untrusted data from the device UI. \n- Ingestion points: Application accessibility tree snapshots (labels, identifiers, values) via
agent-device snapshot. \n- Boundary markers: None mentioned for identifying or isolating embedded instructions within UI elements. \n- Capability inventory: Subprocess calls includingagent-device press,type,swipe, andadb shell. \n- Sanitization: No validation or escaping of element labels is described before being used to compute coordinates.
Audit Metadata