Skills
skills/mvanhorn/printing-press-library/pp-agent-capture/Gen Agent Trust Hub

pp-agent-capture

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the agent-capture-pp-cli binary from the vendor's official GitHub repository and NPM package scope (@mvanhorn/printing-press).
  • [COMMAND_EXECUTION]: Executes shell commands to perform screen recordings and window captures. This includes the vhs command for processing terminal recording scripts and the remotion command for rendering video compositions.
  • [DATA_EXFILTRATION]: Accesses sensitive screen content and extracts text via macOS Vision OCR. The skill is designed to bundle this data for user-initiated tasks like PR evidence, but the capability to capture arbitrary screen data is present.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its screen-reading and OCR features.
  • Ingestion points: Arbitrary window titles and window content extracted via the ocr, find, and screenshot commands (SKILL.md).
  • Boundary markers: None; captured text is not wrapped in delimiters or accompanied by instructions to ignore embedded commands.
  • Capability inventory: The skill can execute various subprocesses via its CLI for media processing and terminal automation (SKILL.md).
  • Sanitization: No evidence of text sanitization or instruction filtering is provided for data extracted from capture targets.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 05:52 PM