ShareX Architecture and Porting
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill (SKILL.md) directs the agent to execute shell commands using
git showwith output redirection to retrieve historical file versions. - [PROMPT_INJECTION] (LOW): The 'Historical Comparisons and Parity' section provides explicit behavioral overrides. The skill also possesses an indirect injection surface: 1. Ingestion points: 'C:\Users\liveu\source\repos\ShareX Team\ShareX' (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: 'git show', file-write (SKILL.md). 4. Sanitization: Absent.
- [DATA_EXFILTRATION] (LOW): The hardcoded absolute path in SKILL.md exposes the local user profile 'liveu' and the host directory structure, identifying a specific environment.
Audit Metadata