pr-screenshot-docs
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- Data Exposure & Exfiltration (MEDIUM): The skill provides instructions to upload local files to an external, non-whitelisted hosting service.
- Evidence: The workflow includes the command
curl -F 'file=@screenshot.png' https://0x0.stin the 'Upload Screenshots' section. - Context:
0x0.st(The Null Pointer) is a public, anonymous, and ephemeral file hosting service. Uploading screenshots—which may contain sensitive UI data, internal URLs, or credentials visible in text fields—to such a service facilitates data exfiltration outside of organizational boundaries. - Indirect Prompt Injection (LOW): The skill involves processing and documenting UI components which are external, untrusted data sources.
- Ingestion points: The skill utilizes
browser_snapshotandbrowser_take_screenshotto ingest visual and structural data from web pages. - Boundary markers: Absent. There are no instructions provided to the agent to ignore or delimit potentially malicious instructions embedded in the UI elements being captured.
- Capability inventory: The skill possesses network egress capabilities (
curl) and browser navigation capabilities. - Sanitization: Absent. The captured data is processed directly into documentation without filtering or validation.
- Command Execution (LOW): The skill suggests the execution of shell commands to perform network operations.
- Evidence: The use of
curlfor file uploads. - Risk: While the commands are shown as examples, an autonomous agent following these instructions would execute external network requests that could bypass security egress policies.
Audit Metadata