screenshot
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The Python and Bash scripts (scripts/take_screenshot.py, scripts/ensure_macos_permissions.sh) execute system-level commands such as screencapture, scrot, gnome-screenshot, and osascript to perform screen captures and permission management.
- [COMMAND_EXECUTION]: The PowerShell script (scripts/take_screenshot.ps1) utilizes Add-Type to dynamically compile and execute C# code for interfacing with the Windows API (GetForegroundWindow, GetWindowRect), which is a form of dynamic execution for system interaction.
- [PROMPT_INJECTION]: The skill exposes the agent to indirect prompt injection (Category 8) by facilitating the ingestion of untrusted visual data from the operating system environment.
  - Ingestion points: Screenshots captured and saved to the local filesystem via the included scripts.
  - Boundary markers: None present; the agent lacks the ability to distinguish between legitimate UI elements and malicious text instructions embedded within captured images.
  - Capability inventory: The agent can execute arbitrary shell commands and perform filesystem operations via the skill's utility scripts.
  - Sanitization: No sanitization, OCR filtering, or content validation is applied to the visual data before it is processed by the agent.
Audit Metadata