android-app-pentesting
Fail
Audited by Snyk on May 5, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
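- Malicious code pattern detected (high risk: 1.00). The document contains a large number of specific, executable dual-use techniques (SSL/root/anti-debugging bypass, Frida/Gadget injection, memory-level DEX dumping, modifying the system CA store and iptables, using Accessibility/FCM as C2, executing commands and extracting sensitive files via Drozer/Intents, and so on), all of which are clearly high-risk methods that can be abused for data exfiltration, remote code execution, persistent backdoor installation, and credential theft.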
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and analyzing APKs from public sites (e.g., "Download online" listing APKPure/APKMirror/justapk in Phase 0: APK Acquisition) and suggests curling public endpoints (e.g., "Try accessing: curl https://xxx.firebaseio.com/.json") and cloning/downloading tools from GitHub/Frida releases, meaning the agent would ingest untrusted, user-generated third-party content that can influence subsequent analysis and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly shows a runtime Frida codeshare command that pulls and executes remote scripts (e.g., frida --codeshare krapgras/android-biometric-bypass-update-android-11 which fetches code from https://codeshare.frida.re/), so that external URL is used at runtime to retrieve and run remote code.
Issues (3)
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).