Skills
skills/spm1001/claude-suite/screenshot/Gen Agent Trust Hub

screenshot

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Application names and window titles are retrieved from the macOS window server and displayed to the agent without sanitization. An attacker could use a malicious window title to attempt to control the agent's behavior.
  • Ingestion points: Window titles and application names are read in scripts/look.py and printed to the terminal.
  • Boundary markers: No delimiters or warnings are used to separate untrusted window titles from agent instructions.
  • Capability inventory: The skill can execute screencapture and sips through subprocess calls and write to the local file system.
  • Sanitization: Window titles are not sanitized or escaped before being presented to the agent.
  • [COMMAND_EXECUTION]: The script scripts/look.py executes screencapture and sips using the Python subprocess module. Although it uses a list of arguments to avoid shell injection, the agent can still trigger these system utilities with controlled parameters like window IDs and file paths.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 06:09 PM