screenshot
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill constructs shell commands by interpolating the '$SCREENSHOT_DIR' and '$COUNT' variables into Bash and PowerShell scripts. This creates a high risk of command injection if the directory path provided via the '--dir' argument or the '.claude/screenshot.json' config contains shell metacharacters like semicolons or pipes.
- [DATA_EXFILTRATION] (HIGH): The skill is designed to automatically locate and read screenshots from common system directories (e.g., ~/Desktop, ~/Pictures, OneDrive). Screenshots are high-value targets for attackers as they frequently contain sensitive information, including ephemeral credentials, private communications, and PII. Accessing these paths constitutes significant data exposure.
- [PROMPT_INJECTION] (HIGH): This skill is highly susceptible to indirect prompt injection (Category 8). Malicious content embedded within a screenshot could be processed by the agent's vision/OCR functions, potentially leading to the subversion of the agent's instructions.
- Ingestion points: Local image files (png, jpg, jpeg, gif, webp) in screenshot directories.
- Boundary markers: None present.
- Capability inventory: Bash (subprocess execution), Glob, and Read tools.
- Sanitization: None present.
Recommendations
- AI detected serious security threats
Audit Metadata