Skills
skills/lirrensi/agent-cli-helpers/screenshot/Gen Agent Trust Hub

screenshot

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install an unverified package named agentcli-helpers using the uv tool. This package does not originate from a trusted organization or well-known service, making its safety unverifiable.
  • [COMMAND_EXECUTION]: The skill executes the screenshot command and provides examples of using shell pipes with xargs, curl, and open to process captured images.
  • [DATA_EXFILTRATION]: The usage guide includes a specific example for sending captured screen data to an external API (http://api/upload) using curl. Because screenshots often contain highly sensitive information such as passwords, personal communications, or private keys, this represents a significant exfiltration vector.
  • [REMOTE_CODE_EXECUTION]: The requirement to download and execute an unverified CLI tool that interacts with system-level resources (the screen buffer) poses a risk of remote code execution if the package is malicious or insecure.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 5, 2026, 04:45 PM