screenshot-page-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes and interprets text extracted from user-provided screenshots, which introduces a risk of indirect prompt injection. Maliciously crafted text within an image could attempt to override the agent's instructions or influence the output during code generation and asset extraction phases.
  - Ingestion points: Screenshots provided by the user and stored in the 'temp/screenshots/' directory.
  - Capability inventory: Capabilities include writing files (TSX, CSS, JSON, Markdown) to project directories ('src/themes/', 'src/database/', 'src/prototypes/') and executing local command-line tools.
  - Boundary markers: Not utilized; the skill does not use specific delimiters to isolate content extracted from screenshots from the agent's instruction context.
  - Sanitization: No content-based validation or sanitization of text extracted from images is described.
- [COMMAND_EXECUTION]: The skill executes a local script using the command 'node scripts/check-app-ready.mjs' to verify generated prototypes, which is an expected part of the development workflow but represents a direct command execution capability.
Audit Metadata