autoskill
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill by design accesses highly sensitive local screen data via the screenpipe API. However, it implements a comprehensive redaction system in scripts/redact.py to strip credentials, PII, and other secrets before data is sent to the LLM backend.
- [EXTERNAL_DOWNLOADS]: The skill references well-known and trusted external resources, including the screenpipe project on GitHub and the sentence-transformers models from Hugging Face. These are used according to their intended purposes for workflow capture and semantic matching.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content (window titles and OCR text from the user's screen), which is interpolated into prompts for the LLM in scripts/synthesize.py. A malicious window title could theoretically influence the skill synthesis, but the risk is mitigated because the output is a draft that requires explicit user review and a separate promote command before it is integrated into the system.
- [COMMAND_EXECUTION]: The skill uses the Bash tool via scripts/autoskill.py and scripts/promote.py to perform legitimate diagnostic checks and to promote (move) newly created skill files into the designated skills directory. These operations are within the scope of the skill's stated purpose.
Audit Metadata