screenshot-analyzer
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external screenshot data.
- Ingestion points: Accesses image files residing in "~/Downloads/Screenshots/" via the "Read" tool as defined in "SKILL.md".
- Boundary markers: Absent; there are no explicit delimiters or instructions provided to the agent to disregard or isolate embedded text or instructions found within the visual content of the screenshots.
- Capability inventory: The skill utilizes shell commands ("ls") and file-reading capabilities ("Read" tool) across its workflow.
- Sanitization: Absent; no mechanism is defined to sanitize, filter, or validate the content of the screenshots before they are processed by the model.
- [COMMAND_EXECUTION]: The skill uses local shell commands to facilitate file discovery and management.
- Evidence: The skill instructs the agent to execute "ls -t ~/Downloads/Screenshots/*.png | head -5" to identify and sort recent files for analysis.
Audit Metadata