screenshot-claude

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly requires the agent to open an arbitrary initial URL and navigate pages from that site to capture screenshots, which exposes it to untrusted public web content that it must read/interpret as part of its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The command "bunx @willbooster/agent-skills@latest screenshot --agent claude ..." fetches and executes the remote npm package @willbooster/agent-skills@latest at runtime, which therefore can run code and control agent behavior/instructions, so it is a risky external dependency.