firebase-apk-scanner

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run various commands including apktool, grep, find, cat, and a local script scanner.sh. These are used to decompile APKs and search for configuration strings, which is standard behavior for a security analysis tool.
  • [EXTERNAL_DOWNLOADS]: The skill uses curl to interact with official Google and Firebase API endpoints (e.g., identitytoolkit.googleapis.com, firebaseio.com, firebasestorage.googleapis.com). These network operations are intended to verify the security of extracted project IDs and API keys against well-known services.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting and processing data from external APK files.
  • Ingestion points: Smali code, XML resources, and assets extracted from user-provided APKs are read into the agent context.
  • Boundary markers: None; the skill does not use specific delimiters or instructions to ignore embedded commands in the extracted data.
  • Capability inventory: The agent has access to Bash, curl, and filesystem read tools.
  • Sanitization: No evidence of sanitization or filtering of the extracted strings before they are presented to the agent for analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 01:46 PM
Security Audit — agent-trust-hub — firebase-apk-scanner