Skills
skills/screenshotone/skills/screenshotone-website-screenshot/Gen Agent Trust Hub

screenshotone-website-screenshot

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides templates for executing curl commands to interact with the ScreenshotOne API. These commands are used to configure screenshot parameters and specify output files.
  • [EXTERNAL_DOWNLOADS]: The skill fetches website captures from https://api.screenshotone.com/take and saves the resulting files (images, PDFs, or text) to the local filesystem.
  • [DATA_EXFILTRATION]: To perform its function, the skill transmits user-provided URLs and API access keys to the ScreenshotOne service. This is the intended behavior of the tool and targets the official vendor API.
  • [PROMPT_INJECTION]: The skill supports capturing and extracting content from arbitrary, untrusted URLs (using options like metadata_content=true or format=markdown). This creates a surface for indirect prompt injection where malicious content on a captured website could attempt to influence the agent's subsequent behavior when it processes the resulting data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 08:15 PM