screenshot-codex

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the @willbooster/agent-skills package from the NPM registry at runtime. This package is an official resource from the developer.
  • [COMMAND_EXECUTION]: The skill executes a bash command using bunx to trigger the screenshot process.
  • [REMOTE_CODE_EXECUTION]: Running bunx @willbooster/agent-skills@latest involves fetching and executing remote code. This is a standard delivery mechanism for the developer's tools.
  • [PROMPT_INJECTION]: The skill ingests content from external URLs, which represents a surface for indirect prompt injection. Ingestion points: <initial-url> in SKILL.md. Boundary markers: None. Capability inventory: Command execution via bunx. Sanitization: None. This is documented as a risk factor inherent to the skill's primary function of processing web content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 11, 2026, 12:49 AM
Security Audit — agent-trust-hub — screenshot-codex