makepad-screenshot
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill provides scripts that use shell variables (`$APP_NAME`, `$PACKAGE`) directly within command strings (e.g., `osascript -e "... $APP_NAME ..."` and `cargo build -p "$PACKAGE"`). If a user or an attacker provides a maliciously crafted package name containing shell metacharacters (e.g., `;`, `&`, `|`), it could lead to arbitrary command execution on the host system.
- DATA_EXPOSURE (LOW): The use of `screencapture -x` to grab the display content can inadvertently capture and expose sensitive information visible in the target application or other background windows to the LLM and the scratchpad directory.
- INDIRECT_PROMPT_INJECTION (LOW):
  - Ingestion points: The skill uses a `Read` tool to analyze screenshots (`$SCRATCHPAD/screenshot.png`) of the application GUI.
  - Boundary markers: None. The agent is not instructed to distinguish between UI labels and potential instructions embedded within the GUI text.
  - Capability inventory: The skill allows for shell command execution (`cargo`, `osascript`, `pkill`), which could be abused if the agent follows malicious instructions visually present in the analyzed screenshot.
  - Sanitization: No sanitization or filtering is applied to the content extracted from the images before the agent processes it.
- PROMPT_INJECTION (LOW): The description uses high-priority markers ("CRITICAL: Use for...") to influence agent behavior and prioritization, though in this context, it appears to be functional rather than malicious.
Audit Metadata