linkedin-project-post
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The script 'scripts/capture-screenshot.sh' uses 'npx --yes puppeteer'. This command downloads and executes the latest version of 'puppeteer' from the npm registry at runtime without user confirmation or version pinning, creating a significant supply chain vulnerability.
- EXTERNAL_DOWNLOADS (HIGH): Automated scans flagged the use of 'curl' with 'api.screenshotone.com' as a remote code execution risk. The skill downloads content from this untrusted third-party API and stores it in the local '~/Downloads' directory.
- COMMAND_EXECUTION (MEDIUM): System commands including 'curl', 'npx', and 'open' are executed in 'scripts/capture-screenshot.sh' using user-provided URL input. The script lacks validation and sanitization for this input, which could enable command argument manipulation through crafted URLs.
- DATA_EXFILTRATION (LOW): The skill transmits user-provided project URLs to an external screenshot service ('api.screenshotone.com'), potentially exposing private or internal development addresses to a third party.
- PROMPT_INJECTION (LOW): The skill possesses a surface for indirect prompt injection as it ingests untrusted URL data without boundary markers or sanitization before using it in shell-executed scripts. Ingestion points: user-provided URL; Boundary markers: absent; Capability inventory: shell execution of npx/curl/open; Sanitization: absent in scripts/capture-screenshot.sh.
Recommendations
- HIGH: Downloads and executes remote code from: https://api.screenshotone.com/take?url=[URL]&viewport_width=1200&viewport_height=630&format=png - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata