argent-metro-debugger
Warn
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands via the
adbutility to perform port forwarding for Android devices (adb -s <serial> reverse tcp:8081 tcp:8081). It also provides instructions for the agent to execute environment-specificnpxcommands (e.g.,npx react-native start,npx expo start) to manage development servers. - [REMOTE_CODE_EXECUTION]: The
debugger-evaluatetool enables the execution of arbitrary JavaScript expressions within the target application's runtime via the Chrome DevTools Protocol (CDP). While essential for debugging, this represents a significant execution capability. - [PROMPT_INJECTION]: The skill processes untrusted data from the workspace, such as application logs and source code, creating a surface for Indirect Prompt Injection where malicious content in those files could influence agent behavior.
- Ingestion points: Application log files (
SKILL.md) and original source code files (references/source-maps.md). - Boundary markers: A specific flat log format is defined in
SKILL.mdto guide the agent in parsing log entries. - Capability inventory: The skill can execute code within the app runtime (
debugger-evaluate), run shell commands (adb), and perform file system operations (grep,Read). - Sanitization: No explicit sanitization or instructions to ignore embedded instructions are provided for the data ingested from logs or source files.
- [DATA_EXFILTRATION]: The skill facilitates access to application console logs and original source code files. This access could lead to the exposure of sensitive information, such as environment variables, API keys, or proprietary business logic, if such data is present in the logs or source.
Audit Metadata