android-app-pentesting

该技能不像凭据窃取型恶意技能，目的与能力基本一致，且多数安装源可验证；但它明确赋予 AI Agent 高风险移动端渗透测试与绕过能力，包含数据提取、MITM、Hook 与防护绕过，对真实目标可产生直接安全影响。因此应归类为高风险、非恶意但敏感的 offensive-security 技能。

High-risk offensive capability. The included Frida hook(s) explicitly bypass Android TLS/certificate pinning by overriding certificate and trust verification logic, and the workflows add traffic interception (apk-mitm/iptables redirect) plus in-memory DEX extraction to external storage. Combined with intrusive Drozer test/exploitation-like payload examples, this content is strongly indicative of malicious or adversarial tooling and should not be used as a supply-chain dependency artifact without strict isolation and provenance controls.