camsnap
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the camsnap utility from a third-party Homebrew repository (steipete/tap/camsnap) which is not among the trusted or well-known vendors.
- [COMMAND_EXECUTION]: The camsnap watch command features an --action parameter that executes arbitrary shell commands when motion is detected, presenting a significant surface for dynamic command execution.
- [CREDENTIALS_UNSAFE]: Camera authentication data, including host addresses and passwords, are stored in a local configuration file (~/.config/camsnap/config.yaml) and can be passed in plaintext via command-line arguments.
- [PROMPT_INJECTION]:
  1. Ingestion points: Data is ingested from external network cameras via the discover command.
  2. Boundary markers: No delimiters or instruction-ignore warnings are present to isolate untrusted camera metadata.
  3. Capability inventory: The skill can execute shell actions through the watch command.
  4. Sanitization: No evidence of validation or sanitization of camera-provided metadata is documented, creating a risk of indirect prompt injection.
Audit Metadata