screenshot
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes shell commands (Bash and PowerShell) that interpolate the --dir and count variables. If these arguments are provided by an untrusted source or handled without sanitization, an attacker could use shell metacharacters to perform arbitrary command execution on the host system.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the content of the screenshots it processes.
  1. Ingestion points: Image files in screenshot directories and the .claude/screenshot.json configuration file.
  2. Boundary markers: None present to distinguish screenshot content from system instructions.
  3. Capability inventory: Access to Bash, Glob, and Read tools.
  4. Sanitization: No validation or filtering of text contained within processed images.

  Text found in screenshots (via OCR or visual analysis) could be interpreted by the agent as high-priority instructions, potentially overriding its safety guidelines.