Skills
skills/img402/skills/github-image-hosting/Gen Agent Trust Hub

github-image-hosting

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION] (MEDIUM): The skill transmits local image data to an external, non-whitelisted domain img402.dev.
  • Evidence: curl -s -X POST https://img402.dev/api/free -F image=@/tmp/screenshot.png in SKILL.md.
  • Context: The skill utilizes screencapture to generate the file. Screenshots are inherently sensitive as they may contain private information. Sending this data to a third-party service that requires no authentication for uploads increases the risk of unauthorized data access.
  • [COMMAND_EXECUTION] (LOW): The skill executes system-level commands to capture and manipulate images.
  • Evidence: screencapture -x /tmp/screenshot.png, screencapture -xw /tmp/screenshot.png, and sips -Z 1600 /tmp/screenshot.png.
  • Context: These are standard macOS utilities. While they are used for the skill's primary function, users should be aware that the agent will be invoking tools that capture screen content.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:34 PM