Skills
skills/usefulagents/screencli-skill/screencli-record/Gen Agent Trust Hub

screencli-record

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses the screencli command via npx to record browser demos and manage cloud uploads.
  • [EXTERNAL_DOWNLOADS]: Fetches and executes the screencli package from the npm registry at runtime.
  • [DATA_EXFILTRATION]: Uploads processed video recordings to the screencli.sh domain to generate shareable links.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it employs an agent to interact with untrusted external websites.
  • Ingestion points: Target URLs provided to the record command in SKILL.md.
  • Boundary markers: No explicit instructions are provided to the agent to ignore embedded prompts in the recorded websites.
  • Capability inventory: The browser agent can navigate and interact with web pages, while the CLI tool manages local storage in ~/.screencli and performs cloud uploads.
  • Sanitization: No evidence of sanitization of website content is provided before interaction.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 05:20 PM