Skills
skills/tddworks/asc-cli-skills/asc-app-shots/Gen Agent Trust Hub

asc-app-shots

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the asc command-line utility to manage screenshot templates, apply visual themes, and render images. This includes using a WebKit-based engine to export HTML to PNG format.
  • [CREDENTIALS_UNSAFE]: The skill handles a Gemini API key for AI features. While it allows the key to be passed via command-line arguments, which can be visible in process logs, it also supports standard practices like environment variables and a local configuration file located at ~/.asc/app-shots-config.json.
  • [DATA_EXFILTRATION]: The skill sends screenshot data and text prompts to Google's Gemini AI service. This is the intended behavior for the 'generate' command and uses a well-known service provider.
  • [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection because it accepts user-supplied headlines and style prompts that are later processed by an AI model. This risk is inherent to AI-integrated design tools and is limited to the context of the generated screenshot content.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 11:05 AM