DragonJAR/Android-Pentesting-Skill — reverse-engineered prompt

Build me a reusable AI agent skill for auditing Android APKs in an authorized security lab. I want to give the agent an APK path and have it guide the whole review, from decoding the app to finding risky permissions, exported screens, deep links, WebViews, storage issues, weak crypto, networking problems, native code, and hardcoded secrets.

It should support static analysis with APKTool, JADX, APKiD, Android SDK tools, Semgrep style rules, and simple search patterns. It should also help with dynamic testing using Frida, including detecting runtime protections like SSL pinning, root checks, emulator checks, anti Frida checks, FLAG SECURE, and RASP callbacks, then safely generate bypass commands only when I confirm it is an authorized lab.

Please include scripts, reusable Frida assets, clear workflows, a preflight checker for required tools, professional report templates, JSON output, MASVS mapping, CVSS scoring, and both English and Spanish documentation. Keep the workflow practical and easy to run from an AI coding agent.