screenshot-local

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the shot-scraper utility from PyPI and the automated download of Playwright-based browser engines (Chromium, Firefox, WebKit) through the shot-scraper install command. These are well-known resources necessary for the tool's core functionality.
  • [COMMAND_EXECUTION]: The YAML configuration (shots.yml) supports a server key that executes arbitrary shell commands to start local development processes (e.g., npm run dev) before capturing screenshots.
  • [REMOTE_CODE_EXECUTION]: The skill enables the execution of JavaScript within the browser context using the -j flag or the javascript YAML key. This is used to manipulate the page state, such as filling forms or removing UI elements, prior to capture.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes external configuration files.
      1. Ingestion points: shots.yml multi-shot configuration files.
      2. Boundary markers: Absent.
      3. Capability inventory: Shell command execution via the server key and browser-side JavaScript execution.
      4. Sanitization: None; the tool relies on the integrity of the user-provided configuration files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 09:32 PM