Skills
skills/winsorllc/upgraded-carnival/web-screenshot/Gen Agent Trust Hub

web-screenshot

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script screenshot.js attempts to execute system-level installation commands with implied elevated privileges.
  • Evidence: If a Chrome binary is not found, the code executes apt-get update && apt-get install -y chromium using execSync to modify the host system.
  • [COMMAND_EXECUTION]: The script uses shell-interactive functions to execute binaries with arguments derived from user input.
  • Evidence: The user-provided url and outputFile parameters are passed directly as arguments to the Chrome process via child_process.spawn and execSync.
  • [DATA_EXFILTRATION]: The skill is vulnerable to local file disclosure (LFD) due to a lack of URL validation.
  • Evidence: Headless Chrome can be directed to access local system files using the file:// protocol (e.g., file:///etc/passwd), enabling an attacker to capture screenshots of sensitive data.
  • [DATA_EXFILTRATION]: The script allows the user to specify arbitrary output file paths, creating a risk of unauthorized file writes or overwrites.
  • Evidence: The outputFile argument is used in fs.renameSync without path sanitization, which could allow the tool to overwrite critical system or configuration files if the agent has sufficient filesystem permissions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 1, 2026, 05:10 AM