compare-screenshots
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external visual data (PNG screenshots) which is then reviewed by an LLM-based subagent, creating a surface for indirect prompt injection.
  - Ingestion points: PNG files are loaded from directories specified by the `REFERENCE_DIR` and `CANDIDATE_DIR` environment variables in `scripts/visual-parity-diff.mjs`.
  - Boundary markers: The subagent prompt in `references/subagent-visual-review.md` includes instructions to "judge only from visible pixels" to mitigate bias, though this does not technically prevent the model from processing text instructions embedded within the images.
  - Capability inventory: The skill performs file system reads and writes (via `node:fs/promises`) and triggers a subagent review process for qualitative visual judgment.
  - Sanitization: The skill does not perform sanitization or filtering of the content within the processed images before they are reviewed by the subagent.
Audit Metadata