screenshot

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Data Exposure (HIGH): The skill captures screenshots of the user's desktop or specific windows, which can contain sensitive information like passwords, PII, or private documents, exposing this data to the agent's context.
  • Indirect Prompt Injection (HIGH): The skill creates a high-risk surface for indirect prompt injection where malicious instructions embedded in captured visual content (e.g., in a browser or document) could override agent behavior.
      1. Ingestion: Screen content via take_screenshot scripts.
      2. Boundary markers: Absent.
      3. Capability inventory: Subprocess execution (screencapture, scrot) and file writing.
      4. Sanitization: Absent.
  • Privilege Escalation (HIGH): Documentation explicitly encourages agents to request escalated permissions to bypass security sandboxes, and the Windows script uses -ExecutionPolicy Bypass.
  • Dynamic Execution (MEDIUM): Uses Add-Type for runtime C# compilation in PowerShell to access native APIs and uses the swift interpreter for runtime execution of permission checks on macOS.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 03:00 AM