workers-app-tester
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of `adb shell` commands, including root commands (`su -c`), to interact with the Android operating system, pull APK files, and access protected application data in `/data/data/`. This is necessary for deep inspection of mobile applications.
- [EXTERNAL_DOWNLOADS]: The documentation in `references/frida.md` recommends the use of Frida's `--codeshare` feature to download and execute community-contributed scripts for SSL unpinning and root detection bypass. While these are remote scripts from third-party contributors, they are standard resources in the security community.
- [DATA_EXFILTRATION]: By design, the skill extracts and logs sensitive information from target applications, including PII, authentication tokens (JWTs), and credentials. These are stored in a local session directory (e.g., `/tmp/workers-app-tester-...`). The `scripts/capture.py` script specifically includes a `PRESERVE_AUTH` flag to log full authentication headers for testing purposes.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. It ingests data from untrusted target applications (via UI hierarchy parsing in `scripts/ui.py` and network traffic in `scripts/traffic.py`). If a target app contains malicious instructions in UI labels or response bodies, the agent might attempt to follow them. The skill's 'Rules' provide some operational guardrails to mitigate this risk.
Audit Metadata