Skills
skills/openclaw/skills/screenshot-capture/Gen Agent Trust Hub

screenshot-capture

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the content of the screenshots it processes.
  • Ingestion points: Extracts content from user-provided screenshots (LinkedIn posts, tweets, articles) as described in step 3 of SKILL.md.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the extraction workflow.
  • Capability inventory: Executes file system commands (cp) and performs append operations to multiple markdown files (notes/frameworks.md, notes/ideas.md, notes/patterns.md).
  • Sanitization: There is no evidence of sanitization or filtering of the text extracted from images before it is used to determine categorization or stored in notes.
  • [COMMAND_EXECUTION]: The skill uses shell-like commands to manage files.
  • Evidence: Step 1 in SKILL.md uses cp [inbound image] notes/screenshots/[descriptive-name].jpg to persist incoming media. While functional for the skill's purpose, this represents a direct interaction with the host file system.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 04:12 PM