screenshots

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to solicit plain-text credentials (email/username and password) from the user for authentication purposes. These credentials are then embedded into a generated Node.js script (screenshot-script.mjs) stored on the local filesystem. This creates a window of exposure where secrets reside in plain text on disk before the file is deleted.
  • [COMMAND_EXECUTION]: The skill generates and executes a Node.js script to control the Playwright browser. It also uses shell commands to check for dependencies (npm ls), create directories (mkdir), and remove temporary files (rm).
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it is designed to read and process content from various project files that could be controlled by an attacker.
  • Ingestion points: Reads content from README.md, CHANGELOG.md, config/routes.rb, routes/web.php, urls.py, and various directory structures to identify app features (Step 3).
  • Boundary markers: None. The instructions do not provide delimiters or warnings to the agent to ignore instructions embedded within the files it reads.
  • Capability inventory: The skill can execute arbitrary Node.js code, perform filesystem operations, and interact with network resources via a browser.
  • Sanitization: None. The agent directly uses the information extracted from these files to build a feature list and automate browser interactions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 14, 2026, 01:42 PM
Security Audit — agent-trust-hub — screenshots