ui-capture
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's core functionality is consistent with its stated purpose of UI capture and comparison. It includes a dedicated security section instructing the agent to treat all captured DOM data and screenshots as display-only information rather than executable instructions, effectively mitigating potential indirect prompt injection from analyzed sites.
- [COMMAND_EXECUTION]: The skill utilizes platform-provided tools such as agent-browser for navigation and ffmpeg for video processing. These commands are applied exclusively to user-provided URLs and internal visual artifacts within a temporary directory.
- [DATA_EXFILTRATION]: The instructions explicitly prohibit the use of authentication cookies or credentials during the capture process. Additionally, the skill provides a mandatory cleanup step to remove temporary files that may contain sensitive visual data.
- [EXTERNAL_DOWNLOADS]: Dependencies like agent-browser are sourced from trusted vendors such as Anthropic, and standard utilities like ffmpeg and serve are retrieved through official package managers.
Audit Metadata