harmonyos-device-automation

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the @midscene/harmony package from the official npm registry using npx to perform automation tasks. This is a standard method for executing Node.js-based tooling.
  • [COMMAND_EXECUTION]: Executes system commands using the HarmonyOS Device Connector (hdc) to control and interact with hardware devices. These commands are localized to the connected device environment.
  • [DATA_EXFILTRATION]: Captures screenshots of the connected device to perform visual automation. This data is transmitted to the user-configured AI model provider (e.g., Google, Alibaba) for processing, which is the intended core functionality of the vision-driven skill.
  • [PROMPT_INJECTION]: The skill processes visual data from device screens, which constitutes an indirect prompt injection surface. Malicious content displayed on a device screen could theoretically influence the agent's actions, but this is a documented risk of multimodal automation tools.
      • Ingestion points: Device screenshots captured via the take_screenshot command in SKILL.md.
      • Boundary markers: No specific delimiters or boundary markers are used for the screenshot data, which is standard for image-based inputs.
      • Capability inventory: Access to system shell via hdc, file system access for reports, and network access for package downloads.
      • Sanitization: Relies on the security filters and grounding capabilities of the configured AI model provider.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 01:05 PM