testing-mobile-applications

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous command-line examples for mobile testing tools such as ADB, Apktool, Frida, and Objection. These are intended for manual execution during a penetration test and do not represent unauthorized command execution.
  • [DATA_EXFILTRATION]: Instructions include techniques for identifying and extracting sensitive information (e.g., passwords, API keys) from target applications. This activity is restricted to the scope of the analyzed application and does not involve the exfiltration of host system data.
  • [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection where an agent might ingest untrusted data from a mobile application (such as logs or decompiled code).
      • Ingestion points: Target APK/IPA files, AndroidManifest.xml, device logs (logcat), and local databases.
      • Boundary markers: None identified in the instruction snippets.
      • Capability inventory: Shell command execution via various mobile analysis CLI tools.
      • Sanitization: No specific input sanitization or validation logic is described for the ingested data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 01:18 AM