ui-capture
Fail
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's preflight check instructions direct the agent to surface a shell command that downloads and executes a script from an untrusted GitHub repository (`voidmatcha/ui-clone-skills`) using a `curl | bash` pipe. While the instructions explicitly state the agent should not auto-execute the command, recommending it to the user as the 'Fastest fix' facilitates high-risk remote code execution from an unverified source.
- [COMMAND_EXECUTION]: The skill performs extensive command-line operations using `agent-browser` and `ffmpeg` to manipulate browser states and process video files. It also uses `agent-browser eval` to execute arbitrary JavaScript on third-party websites, which is a powerful capability that could be abused if the target site or the agent's logic is compromised.
- [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection because it ingests untrusted data from user-supplied URLs. Malicious actors could embed instructions within web page metadata, class names, or visible text that might be interpreted as commands by the agent when it processes browser evaluation results. Although the instructions mention redacting 'prompt-like text', this mitigation is incomplete and may not prevent sophisticated injection attacks.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/voidmatcha/ui-clone-skills/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata