screenshot
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs its intended function using platform-native directories and standard system utilities without any evidence of data exfiltration, credential harvesting, or malicious command execution.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it ingests and processes untrusted visual data from the filesystem. * Ingestion points: Local image files located in common screenshot directories (SKILL.md). * Boundary markers: No delimiters are specified to isolate the content within the screenshots from the agent's instructions. * Capability inventory: The skill utilizes the Bash tool for filesystem interaction and the Read tool for visual analysis (SKILL.md). * Sanitization: There is no process defined to validate or sanitize the textual or instructional content that might be contained within the screenshots.
Audit Metadata