Skills
skills/web-infra-dev/midscene-skills/android-device-automation/Gen Agent Trust Hub

android-device-automation

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes adb shell via the runadbshell command to facilitate deep interaction with Android devices, including app management and system-level control.
  • [EXTERNAL_DOWNLOADS]: The skill fetches the @midscene/android package from the npm registry using npx to perform its automation tasks.
  • [REMOTE_CODE_EXECUTION]: Use of npx -y @midscene/android@1 triggers the execution of remote code in the local environment to drive the automation engine.
  • [PROMPT_INJECTION]: The skill's vision-driven automation creates a surface for indirect prompt injection, where malicious instructions embedded in a target application's UI or a website could influence the agent's behavior.
  • Ingestion points: Visual data captured through take_screenshot and processed during act sequences (SKILL.md).
  • Boundary markers: Absent; the skill does not provide explicit delimiters or instructions for the vision model to ignore commands embedded in UI elements.
  • Capability inventory: The agent can execute arbitrary shell commands on the device via runadbshell and perform complex UI interactions via act (SKILL.md).
  • Sanitization: No filtering or sanitization is performed on visual content before it is analyzed by the multimodal model.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 01:59 AM