autoskill
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE
Tags: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses highly sensitive data, including OCR transcripts of the user's screen and environment variables for API authentication (SCREENPIPE_TOKEN, ANTHROPIC_API_KEY).
- [PROMPT_INJECTION]: The skill processes untrusted content from the user's screen (window titles and OCR text), creating an indirect prompt injection surface. If an attacker controls content displayed on the screen (e.g., via a malicious website), they could attempt to influence the LLM's classification or the content of drafted skills.
  - Ingestion points: Screen data is ingested from the local screenpipe API in scripts/fetch_window.py.
  - Boundary markers: The prompt in scripts/synthesize.py uses structured formatting to isolate user data from instructions.
  - Capability inventory: The skill can write and move files to the local filesystem using scripts/run.py and scripts/promote.py.
  - Sanitization: A dedicated redaction module (scripts/redact.py) scrubs PII and common secrets (AWS keys, Bearer tokens, GitHub tokens, etc.) from screen data before processing.
- [EXTERNAL_DOWNLOADS]: The skill downloads the all-MiniLM-L6-v2 embedding model from Hugging Face's official repository during initial setup to facilitate local semantic matching of skills.
Audit Metadata