camsnap
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration (YAML frontmatter) specifies an installation step that fetches a binary from a third-party Homebrew tap (`steipete/tap/camsnap`). While the installation mechanism is standard, the source repository is managed by an individual developer outside of the recognized trusted organizations list.
- [COMMAND_EXECUTION]: The `camsnap watch` command utilizes an `--action` parameter that executes arbitrary shell strings when motion events are triggered. This provides a mechanism for local command execution depending on how the tool handles the action string.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the motion detection workflow.
  - Ingestion points: External metadata and event triggers from RTSP/ONVIF cameras processed by the `watch` command.
  - Boundary markers: None identified; the `--action` parameter accepts a raw string without specified delimiters or instruction-ignore warnings.
  - Capability inventory: The skill uses the `camsnap` binary which has the capability to execute shell commands and write files (`--out`).
  - Sanitization: No input sanitization or validation is described for the data being passed into the `--action` shell command string.