linux-screenshot
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing local system commands such as
scrotandgnome-screenshotto perform screen captures.\n- [PRIVILEGE_ESCALATION]: The installation guide recommends the use ofsudowith package managers (apt,dnf), which involves executing commands with elevated administrative privileges.\n- [INDIRECT_PROMPT_INJECTION]: By capturing images of the user's screen, the skill introduces a vulnerability where malicious text or instructions displayed on the screen could be processed and followed by an AI agent.\n - Ingestion points: Screen capture outputs stored in
/tmp/viascrotandgnome-screenshot.\n - Boundary markers: None identified in the provided instructions.\n
- Capability inventory: Shell command execution and system package management.\n
- Sanitization: No evidence of data sanitization or filtering for the captured images.
Recommendations
- AI detected serious security threats
Audit Metadata