Skills
skills/turbodocx/guidewright/guidewright-capture/Gen Agent Trust Hub

guidewright-capture

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes Chrome DevTools MCP tools (take_snapshot, evaluate_script, click, take_screenshot) to automate browser interactions. These commands are necessary for its primary function of identifying UI elements and capturing screenshots for documentation.
  • [SAFE]: The instructions include a specific security rule that the agent must never read .env or other sensitive secret files to obtain login credentials, instead requiring it to request this information directly from the user.
  • [COMMAND_EXECUTION]: The skill uses evaluate_script to inject a JavaScript snippet that draws a red box around UI elements. The code is provided in plain text within the skill's references and performs only visual DOM modifications (creating a div, styling, and positioning) to facilitate screenshot annotation.
  • [SAFE]: No indicators of malicious persistence, data exfiltration, or obfuscated content were found in the skill's instructions or supporting scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 12:30 AM
Security Audit — agent-trust-hub — guidewright-capture