capture-screen

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses osascript -e and swift -e to execute dynamically constructed code. Several examples demonstrate interpolating variables (like application names or window IDs) directly into shell commands. If these variables contain malicious characters (e.g., shell metacharacters or quotes), they could lead to arbitrary command execution outside the intended AppleScript or Swift context.
  • [PROMPT_INJECTION]: The presence of the .security-scan-passed file represents a self-authoritative safety claim. While it mimics a security log, it is part of the skill's own content and attempts to influence the assessment of its safety ('Security scan passed'). Following security protocols, this claim is treated as data to be evaluated rather than a verified conclusion.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: While the skill's primary purpose is to capture screenshots (which inherently handle sensitive visual data), there are no observed patterns of exfiltrating this data to remote servers or accessing sensitive system files like credentials or SSH keys.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input in the form of application names or window titles. These inputs are used as arguments for the Swift and AppleScript logic.
    • Ingestion points: User-provided keywords passed to get_window_id.swift and shell command templates.
    • Boundary markers: Absent. Instructions do not provide delimiters or guidance on handling malicious input strings.
    • Capability inventory: Subprocess execution via osascript, swift, and screencapture.
    • Sanitization: Absent. There is no evidence of escaping or validating input before it is used in command strings.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 5, 2026, 03:21 PM