web-screenshot
Fail
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/capture_via_system_browser.shis vulnerable to command injection via the URL parameter. - Evidence: On macOS, the script uses a heredoc to pass AppleScript to
osascript, where the$URLvariable is interpolated directly into a string:set newTab to make new tab with properties {URL:"$URL"}. A malicious URL could terminate the string and execute arbitrary AppleScript. - Evidence: On Windows, the script interpolates
$URLinto a PowerShell command string:powershell.exe -NoProfile -Command "Start-Process chrome '$URL'". An attacker could break out of the single quotes to execute arbitrary PowerShell commands. - [EXTERNAL_DOWNLOADS]: The skill requires and recommends the installation of several external dependencies to provide full functionality.
- Evidence:
SKILL.mdprovides instructions for installingshot-scraper,playwright, andtf-playwright-stealthvia Python package managers. - Evidence: The skill documentation also mentions
agent-browser, a Node.js package installed vianpm. These tools are reputable but represent an external dependency chain managed outside the skill itself.
Recommendations
- AI detected serious security threats
Audit Metadata