screenpipe-setup
Warn
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill installs a persistence mechanism by copying a property list file to ~/Library/LaunchAgents/ and using launchctl load to ensure a cleanup script runs automatically on the system.
- [COMMAND_EXECUTION]: Multiple shell commands are used to install software (brew install screenpipe), modify user configuration files (~/.screenpipe/config.json), and manage local processes (pkill screenpipe, screenpipe &).
- [DATA_EXFILTRATION]: The skill enables continuous screen capture and OCR. While it implements a blocklist for browsers and password managers, there is an inherent risk of capturing sensitive PII or credentials if they are displayed in permitted applications like Slack, Notion, or terminals.
- [PROMPT_INJECTION]: The skill introduces an indirect prompt injection surface by processing untrusted data (OCR text from the screen) to answer user queries.
- Ingestion points: Captured OCR text from screenpipe is ingested into the agent context for summarization and retrieval tasks.
- Boundary markers: None provided in the instructions to separate retrieved OCR data from system instructions.
- Capability inventory: The agent has the ability to execute shell commands, install software, and read/write local configuration files.
- Sanitization: No sanitization or verification of the OCR content is performed before processing.
Audit Metadata