screen-logger
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
run_commandtool to append activity summaries to a log file usingecho. This creates a command injection vulnerability because the summary content is derived from raw screen data and interpolated directly into a shell command without sanitization. If an attacker displays malicious shell metacharacters (e.g., backticks, dollar signs, or semicolons) on the user's screen, the agent might include them in the summary, leading to arbitrary code execution when theechocommand is run. - [DATA_EXFILTRATION]: The skill utilizes the macOS
screencapturetool to take a full-screen image. This process involves high-risk data exposure as it captures all visible information, including potentially sensitive personal data, private communications, and credentials that may be displayed on the user's monitor at the time of execution. - [COMMAND_EXECUTION]: The skill executes multiple shell commands (
screencapture,echo,rm) to perform its tasks. While these are necessary for the skill's stated purpose, the reliance on raw shell execution for logging increases the overall attack surface.
Audit Metadata