compare-screenshots

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external visual data (PNG screenshots) which is then reviewed by an LLM-based subagent, creating a surface for indirect prompt injection.
      • Ingestion points: PNG files are loaded from directories specified by the REFERENCE_DIR and CANDIDATE_DIR environment variables in scripts/visual-parity-diff.mjs.
      • Boundary markers: The subagent prompt in references/subagent-visual-review.md includes instructions to "judge only from visible pixels" to mitigate bias, though this does not technically prevent the model from processing text instructions embedded within the images.
      • Capability inventory: The skill performs file system reads and writes (via node:fs/promises) and triggers a subagent review process for qualitative visual judgment.
      • Sanitization: The skill does not perform sanitization or filtering of the content within the processed images before they are reviewed by the subagent.
Audit Metadata
Risk Level: SAFE
Analyzed: Jul 2, 2026, 02:39 PM