screenshots
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates a temporary script (
screenshot-script.mjs) and executes it using the Node.js runtime to perform browser automation. It also uses shell commands likemkdirandrmfor file management. - [CREDENTIALS_UNSAFE]: To support screenshots of authenticated pages, the skill prompts the user for login credentials and writes them directly into the generated script in plaintext. This temporarily exposes sensitive data on the disk.
- [PROMPT_INJECTION]: The skill analyzes the application's features by reading local files such as
README.mdand routing configurations. This presents an indirect prompt injection risk if an attacker has modified these files to include hidden instructions that the agent might follow. Ingestion points:README.md,package.json, and route definition files. Boundary markers: None. Capability inventory: File system access and browser automation via Playwright. Sanitization: None.
Audit Metadata