skills/stablyai/orca/orca-emulator/Gen Agent Trust Hub

orca-emulator

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The exec command allows for raw command strings to be passed to the emulator bridge, providing flexible but potentially unsafe execution of simulator controls if driven by unvalidated agent logic.
  • [DATA_EXFILTRATION]: Accessing the accessibility tree via the ax command exposes the internal UI structure of simulated apps, which may contain sensitive user or application data visible to the agent.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface where untrusted data from a simulated application could influence agent behavior.
      • Ingestion points: UI metadata and the accessibility tree are ingested via orca emulator ax (SKILL.md).
      • Boundary markers: There are no specific delimiters or instructions defined to isolate data retrieved from the simulator from the agent's core instructions (Absent).
      • Capability inventory: The skill provides a wide range of interaction tools, including tap, type, gesture, and exec, which can be used to perform actions based on potentially injected instructions (SKILL.md).
      • Sanitization: The skill does not describe any mechanism for sanitizing or validating the UI content before it is returned to the agent (Absent).
  • [EXTERNAL_DOWNLOADS]: The skill references and integrates the serve-sim open-source tool for emulator streaming and control.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 29, 2026, 11:15 AM