Skills
skills/madeyexz/ian-skills-agents/pr-screenshot/Gen Agent Trust Hub

pr-screenshot

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • PROMPT_INJECTION (LOW): Detected a surface for Indirect Prompt Injection.
  • Ingestion points: The skill uses gh pr view to fetch the PR title and body, which are untrusted inputs.
  • Boundary markers: No markers or instructions are provided to the agent to ignore instructions embedded within the PR content.
  • Capability inventory: The skill has powerful capabilities including git push, gh pr edit, and agent-browser eval (JavaScript execution in a browser context).
  • Sanitization: PR content is interpolated directly into shell commands (gh pr edit --body ...) and browser interactions without sanitization.
  • CREDENTIALS_UNSAFE (LOW): The skill instructs the agent to read CLAUDE.md for login credentials. While not hardcoding secrets itself, this encourages the exposure of credentials to the model's context, which could be exfiltrated if the agent is compromised via prompt injection.
  • COMMAND_EXECUTION (SAFE): Uses standard CLI tools (gh, git, pnpm) and a browser automation tool (agent-browser) to perform its stated purpose of taking screenshots of a local development environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 18, 2026, 01:45 PM