microsim-screen-capture
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/capture-screenshot.shexecutes Google Chrome or Chromium from various system paths using the command pattern"$CHROME_BIN" --headless=new ....- [COMMAND_EXECUTION]: The Chrome process is launched with the--disable-web-securityand--allow-file-access-from-filesflags. These flags are intended to allow local visualizations to fetch resources from external Content Delivery Networks (CDNs) by bypassing the Same-Origin Policy (SOP). However, this configuration also grants any JavaScript within the loadedmain.htmlthe ability to read arbitrary files from the local file system that are accessible to the user running the process.- [DATA_EXFILTRATION]: While the script itself does not perform exfiltration, the disabled browser security creates a vulnerability surface where a maliciousmain.htmlcould be used to harvest sensitive local data and send it to a remote server during the rendering process.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface: - Ingestion points: The
main.htmlfile located in the user-provided directory path is loaded and rendered by the browser. - Boundary markers: None. There are no markers to isolate the HTML content or instructions to the agent to treat the file as untrusted.
- Capability inventory: The skill has the capability to execute shell commands (launching Chrome) and write files to the local disk (saving the screenshot PNG).
- Sanitization: No sanitization or validation of the HTML/JavaScript content is performed before execution in the browser environment.
Audit Metadata