argent-metro-debugger

Warn

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands via the adb utility to perform port forwarding for Android devices (adb -s <serial> reverse tcp:8081 tcp:8081). It also provides instructions for the agent to execute environment-specific npx commands (e.g., npx react-native start, npx expo start) to manage development servers.
  • [REMOTE_CODE_EXECUTION]: The debugger-evaluate tool enables the execution of arbitrary JavaScript expressions within the target application's runtime via the Chrome DevTools Protocol (CDP). While essential for debugging, this represents a significant execution capability.
  • [PROMPT_INJECTION]: The skill processes untrusted data from the workspace, such as application logs and source code, creating a surface for Indirect Prompt Injection where malicious content in those files could influence agent behavior.
  • Ingestion points: Application log files (SKILL.md) and original source code files (references/source-maps.md).
  • Boundary markers: A specific flat log format is defined in SKILL.md to guide the agent in parsing log entries.
  • Capability inventory: The skill can execute code within the app runtime (debugger-evaluate), run shell commands (adb), and perform file system operations (grep, Read).
  • Sanitization: No explicit sanitization or instructions to ignore embedded instructions are provided for the data ingested from logs or source files.
  • [DATA_EXFILTRATION]: The skill facilitates access to application console logs and original source code files. This access could lead to the exposure of sensitive information, such as environment variables, API keys, or proprietary business logic, if such data is present in the logs or source.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 20, 2026, 06:25 PM
Security Audit — agent-trust-hub — argent-metro-debugger