screenshot-feature-extractor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill processes untrusted visual data (screenshots). While screenshots could contain embedded text instructions designed to influence the LLM, the skill's impact is limited to local markdown file generation.
- Ingestion points: SKILL.md Phase 1 reads user-provided screenshot files.
- Boundary markers: Absent; the prompts do not explicitly tell the agents to ignore instructions within the images.
- Capability inventory: Limited to writing documentation to the 'docs/plans/' directory.
- Sanitization: None detected.
- [Data Exposure & Exfiltration] (SAFE): The skill reads local images and writes results to the local filesystem. No network requests (curl, wget, fetch) or hardcoded credentials were found.
- [Remote Code Execution] (SAFE): The skill consists entirely of markdown instructions and does not include scripts, package manifests (package.json, requirements.txt), or commands to download/execute remote code.
- [Command Execution] (SAFE): No dangerous system commands or privilege escalation attempts (sudo, chmod) were detected.
Audit Metadata