microsim-screen-capture

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The script capture-screenshot.sh executes Google Chrome/Chromium with flags that disable the Same-Origin Policy (SOP) and permit file-to-file access. This represents high-risk command execution as it intentionally compromises the security boundaries of the browser sandbox.
  • [DATA_EXFILTRATION] (HIGH): The specific browser configuration enables a 'Local File Disclosure' (LFD) attack vector. Malicious JavaScript within a processed main.html file can programmatically read local host files (e.g., SSH keys, environment variables) and transmit them to a remote domain.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection via the untrusted main.html file.
      • Ingestion points: The main.html file in the directory provided by the user.
      • Boundary markers: Absent; there are no delimiters or warnings to prevent the browser from executing malicious embedded scripts.
      • Capability inventory: Full browser execution with local file read permissions and network access.
      • Sanitization: None; the HTML content is rendered directly without validation or script filtering.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:45 PM