screenshot
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implementation relies on standard, pre-installed operating system utilities and native programming interfaces to perform its intended tasks. No malicious behavior or suspicious external dependencies were found.
- [COMMAND_EXECUTION]: The Python helper script (
take_screenshot.py) and shell script (ensure_macos_permissions.sh) execute local commands to interface with the system. These executions are performed using argument lists rather than shell strings, which effectively mitigates the risk of command injection from user-provided inputs like application names or window titles. - [COMMAND_EXECUTION]: On macOS, the skill utilizes AppleScript via
osascriptto activate target applications. The script includes basic sanitization by escaping double quotes in application names to prevent AppleScript injection. - [COMMAND_EXECUTION]: The Windows implementation uses a PowerShell script (
take_screenshot.ps1) to access .NET Graphics libraries for screen capture. While it specifies an execution policy bypass, this is restricted to the scope of the script execution and is standard practice for local automation tasks. - [DATA_EXFILTRATION]: All captured images are saved to the local file system (either user-defined paths, OS defaults, or temporary directories). There are no network operations, hardcoded remote endpoints, or patterns indicating that captured data is being sent to external servers.
Audit Metadata