screenshots
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill explicitly requests sensitive information, including email/username and password, from the user in plaintext to perform authenticated screenshots.
- [CREDENTIALS_UNSAFE]: The provided credentials are interpolated into a template and written to a temporary local file (`screenshot-script.mjs`), exposing secrets in plaintext on the file system.
- [COMMAND_EXECUTION]: The skill dynamically generates a Node.js script using template literals and executes it via the system shell using the command `node screenshot-script.mjs`.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it reads and interprets data from several files within the local codebase to determine its execution plan.
  - Ingestion points: The skill reads `README.md`, `CHANGELOG.md`, and various framework-specific routing files (e.g., `routes.rb`, `urls.py`, `package.json`) in Step 3.
  - Boundary markers: No delimiters or instructions are used to distinguish untrusted codebase content from the skill's core logic.
  - Capability inventory: The skill has the ability to execute shell commands (`node`, `rm`, `mkdir`), access the network via Playwright, and read/write local files.
  - Sanitization: There is no evidence of sanitization or validation of the content read from documentation and configuration files before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata