Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The skill explicitly exposes an arbitrary `adb shell` capability but provides no safety guidance, allowlist, or warning that commands can modify device state, access sensitive data, or damage a connected device. In an agent setting, this materially increases the chance of unsafe command execution because the model may treat shell access as a routine tool rather than a high-risk operation.
