microsim-screen-capture

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/capture-screenshot.sh executes Google Chrome or Chromium from various system paths using the command pattern "$CHROME_BIN" --headless=new ....- [COMMAND_EXECUTION]: The Chrome process is launched with the --disable-web-security and --allow-file-access-from-files flags. These flags are intended to allow local visualizations to fetch resources from external Content Delivery Networks (CDNs) by bypassing the Same-Origin Policy (SOP). However, this configuration also grants any JavaScript within the loaded main.html the ability to read arbitrary files from the local file system that are accessible to the user running the process.- [DATA_EXFILTRATION]: While the script itself does not perform exfiltration, the disabled browser security creates a vulnerability surface where a malicious main.html could be used to harvest sensitive local data and send it to a remote server during the rendering process.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface:
  • Ingestion points: The main.html file located in the user-provided directory path is loaded and rendered by the browser.
  • Boundary markers: None. There are no markers to isolate the HTML content or instructions to the agent to treat the file as untrusted.
  • Capability inventory: The skill has the capability to execute shell commands (launching Chrome) and write files to the local disk (saving the screenshot PNG).
  • Sanitization: No sanitization or validation of the HTML/JavaScript content is performed before execution in the browser environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 07:22 PM
Security Audit — agent-trust-hub — microsim-screen-capture