screenapp-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill documents the use of the 'screenapp' CLI for media analysis tasks. The commands shown follow the intended purpose of the tool and do not include arbitrary shell execution or suspicious parameters.
- [DATA_EXFILTRATION] (SAFE): While the skill mentions a configuration file (~/.screenapp-cli/config.toml) for API tokens, this is standard for CLI authentication. No logic exists to exfiltrate these credentials to untrusted domains.
- [PROMPT_INJECTION] (LOW): The skill processes external video transcripts and AI queries, creating a surface for indirect prompt injection. Evidence: 1. Ingestion points: Transcripts and video frames via 'screenapp ask'. 2. Boundary markers: Absent from documentation. 3. Capability inventory: Execution of local screenapp CLI commands. 4. Sanitization: Not specified in the skill definition.
- [NO_CODE] (SAFE): The skill consists of documentation and command examples without providing any executable binary, script, or installation code.
Audit Metadata