screenshots
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to solicit plain-text credentials (email/username and password) from the user for authentication purposes. These credentials are then embedded into a generated Node.js script (
screenshot-script.mjs) stored on the local filesystem. This creates a window of exposure where secrets reside in plain text on disk before the file is deleted. - [COMMAND_EXECUTION]: The skill generates and executes a Node.js script to control the Playwright browser. It also uses shell commands to check for dependencies (
npm ls), create directories (mkdir), and remove temporary files (rm). - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it is designed to read and process content from various project files that could be controlled by an attacker.
- Ingestion points: Reads content from
README.md,CHANGELOG.md,config/routes.rb,routes/web.php,urls.py, and various directory structures to identify app features (Step 3). - Boundary markers: None. The instructions do not provide delimiters or warnings to the agent to ignore instructions embedded within the files it reads.
- Capability inventory: The skill can execute arbitrary Node.js code, perform filesystem operations, and interact with network resources via a browser.
- Sanitization: None. The agent directly uses the information extracted from these files to build a feature list and automate browser interactions.
Audit Metadata