screenshots
Fail
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill dynamically generates a JavaScript file (screenshot-script.mjs) and executes it using the node runtime. The content of this script, specifically the SCREENSHOTS configuration and AUTH object, is constructed at runtime using data gathered from the user and the local codebase environment.
- [CREDENTIALS_UNSAFE]: The skill explicitly instructs the agent to solicit sensitive authentication details (email/username and password) from the user. These credentials are subsequently embedded in plain text within the generated screenshot-script.mjs file during the execution phase.
- [COMMAND_EXECUTION]: The skill performs several shell-based operations including environment validation (npx playwright), directory creation (mkdir -p screenshots), execution of the generated script (node screenshot-script.mjs), and file cleanup (rm screenshot-script.mjs).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its automated analysis of untrusted codebase files.
  - Ingestion points: Reads content from README.md, CHANGELOG.md, config/routes.rb, app/ directories, and other routing/component files to identify app features.
  - Boundary markers: None identified; instructions do not specify delimiters or warnings to ignore embedded content in analyzed files.
  - Capability inventory: The skill has the capability to write and execute scripts (node), create directories, and perform network requests via Playwright.
  - Sanitization: There is no evidence of sanitization or escaping of the paths or feature names extracted from the codebase before they are interpolated into the generated JavaScript template.
Recommendations
- AI detected serious security threats
Audit Metadata