git-host-rn-web-before-after
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DYNAMIC_EXECUTION]: The
screenshot-before-after.shscript executes several blocks of JavaScript code by piping strings tonode -. This is used for tasks such as JSON parsing (json_get_field,write_context), URL component encoding (encode_url_component), and server command detection logic. - [INDIRECT_PROMPT_INJECTION]: The skill implements a workflow that reads and modifies untrusted external data, creating an injection surface.
- Ingestion points: Fetches existing pull request (PR) or merge request (MR) descriptions from GitHub or GitLab using the
ghorglabCLI tools. - Boundary markers: Employs the
## Before & AfterMarkdown header as a delimiter for content replacement. - Capability inventory: The skill can perform git commits, push to remote branches, update remote PR/MR metadata, and execute local shell commands.
- Sanitization: The script performs regex-based replacement on the fetched text but does not sanitize or validate the input before re-uploading, allowing malicious descriptions to potentially influence the automated update process.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill performs expected data transfer and storage operations.
- Network operations: Communicates with GitHub (github.com) and GitLab (gitlab.com) to push screenshot assets and update review descriptions.
- Sensitive file access: Accesses the user's home directory to store operational state in
~/.config/opencode/skills/screenshot-skill/state/context.json. - [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill relies on external Node.js dependencies (
puppeteer-core,minimist) and assumes the presence of system-level binaries likegh,glab, andchromium. The capture script launches Chromium with the--no-sandboxflag, which reduces the browser's security isolation.
Audit Metadata