vmos-edge-control-api
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installation instructions in README.md suggest using npx to fetch the skill from the vendor's GitHub repository.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of applications on the target Android device from remote URIs via the package install endpoint.
- [COMMAND_EXECUTION]: The skill instructions guide the agent to use command-line tools such as curl or Python's requests library to interact with the device API.
- [COMMAND_EXECUTION]: The skill provides a capability to execute arbitrary shell commands on the controlled Android device, potentially with root access.
- [DATA_EXFILTRATION]: The skill accesses host environment variables such as VMOS_EDGE_HOST_IP and VMOS_EDGE_DB_ID to establish connection parameters.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection as it ingests untrusted UI hierarchy data and screenshots from the target device.
- Ingestion points: UI data is retrieved via accessibility dump and screenshot endpoints as documented in SKILL.md.
- Boundary markers: The instructions do not define delimiters or specific 'ignore' directives for data processed from the device.
- Capability inventory: The agent can perform shell execution, simulated touch input, and application management on the target device.
- Sanitization: No sanitization or validation of data retrieved from the remote device is specified.
Audit Metadata