camsnap
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill initiates the installation of a binary tool via a third-party Homebrew tap (steipete/tap/camsnap). This source is external and is not listed in the trusted vendors or organizations list.
- [COMMAND_EXECUTION]: The 'camsnap watch' command features an --action parameter that allows for the execution of arbitrary shell commands or scripts when motion events are triggered.
- [CREDENTIALS_UNSAFE]: The documentation provides examples for adding cameras using plain-text usernames and passwords (--user user --pass pass) and references a local configuration file (~/.config/camsnap/config.yaml) for credential storage.
- [PROMPT_INJECTION]: The skill processes data from external cameras via 'camsnap discover --info' and motion monitoring, creating a surface for indirect prompt injection.
  1. Ingestion points: Camera discovery metadata and motion event information.
  2. Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present.
  3. Capability inventory: Local command execution via the --action flag.
  4. Sanitization: No sanitization of camera-provided metadata is documented before it enters the agent's context.