screenshot
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- DATA_EXFILTRATION (HIGH): The skill provides system-wide screen capture capabilities, allowing images of the desktop or specific windows to be saved to arbitrary paths, which can expose sensitive UI data.\n- COMMAND_EXECUTION (HIGH): The skill executes scripts that bypass security policies using '-ExecutionPolicy Bypass' and encourages the use of 'escalated permissions' to override macOS sandbox restrictions.\n- REMOTE_CODE_EXECUTION (MEDIUM): The 'take_screenshot.ps1' script performs dynamic execution by compiling C# code at runtime via 'Add-Type' to access native Windows APIs.\n- PROMPT_INJECTION (HIGH): The skill has a significant attack surface for indirect prompt injection (Category 8). Evidence: (1) Ingestion points: Path and Mode arguments in 'take_screenshot.ps1' and 'take_screenshot.py'. (2) Boundary markers: Absent. (3) Capability inventory: System-wide capture and arbitrary file writes. (4) Sanitization: None.
Recommendations
- AI detected serious security threats
Audit Metadata