AGENT LAB: SKILLS

xiaohongshu-images

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection due to its capability to fetch and process content from arbitrary URLs and local files. (1) Ingestion points: Input content via URL or file path. (2) Boundary markers: Absent; no instructions to ignore embedded commands are present in the documentation. (3) Capability inventory: Writing files to the user's home directory and executing the screenshot.py script. (4) Sanitization: Absent; no indication that input content is sanitized before rendering for screenshots.
  • [COMMAND_EXECUTION] (MEDIUM): The skill relies on executing 'python scripts/screenshot.py' via the shell, which could be exploited if an attacker can manipulate the content or file paths processed by the script.
  • [EXTERNAL_DOWNLOADS] (LOW): Requires installation of the playwright package and chromium browser. Although these originate from trusted sources (Microsoft and Google), they increase the attack surface when processing untrusted external content.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 09:06 PM