snap-context
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted image content and transcribes it into the conversation without safeguards. Malicious text within a screenshot could potentially influence the subagent's output or the subsequent conversation flow. \n
- Ingestion points: The skill ingests file paths and attachments through the $ARGUMENTS variable and conversation context as defined in SKILL.md. \n
- Boundary markers: Absent; there are no delimiters or instructions provided to the subagent to distinguish between visual data and potential embedded commands. \n
- Capability inventory: The skill uses the Read tool to access the local file system and the Task tool to spawn subagents. \n
- Sanitization: Absent; there is no validation to ensure that the provided file path points to a valid image or is restricted to safe directories.
Audit Metadata