win-uia
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a 'launch' command that allows the agent to execute arbitrary applications on the host system via the Process.Start API. Evidence: Documented in SKILL.md and implemented in src/Uia.Core/ProcessManager.cs.
- [DATA_EXFILTRATION]: The skill provides commands to capture window screenshots and retrieve clipboard content, creating a risk of sensitive data exposure. Evidence: 'uia screenshot' and 'uia clipboard get' commands documented in SKILL.md and implemented in src/Uia.Server/Program.cs.
- [EXTERNAL_DOWNLOADS]: The documentation and installation instructions recommend downloading and executing a remote PowerShell script from GitHub using 'Invoke-Expression' (iex). Evidence: The 'irm ... | iex' pattern is documented in README.md and SKILL.md.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection by ingesting untrusted text from UI element trees.
  - Ingestion points: Element names, values, and window titles processed by 'uia tree', 'uia find', and 'uia state'.
  - Boundary markers: Absent from both the instructions and the processing logic.
  - Capability inventory: High-risk capabilities including application launching, keyboard/mouse simulation, and screenshot capture.
  - Sanitization: No validation or sanitization of UI content is performed before presentation to the agent.
Recommendations
- AI detected serious security threats