computer-control
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it interacts with untrusted data visible on the computer screen through automated screenshot analysis.
  - Ingestion points: Desktop screenshots are ingested by the model to determine next actions (SKILL.md).
  - Boundary markers: The instructions do not define delimiters or specific 'ignore' directives for content found within screenshots.
  - Capability inventory: The agent can perform mouse clicks, drag actions, and arbitrary keyboard typing, which can be misused if the agent follows instructions found in untrusted GUI elements.
  - Sanitization: There is no mention of sanitizing or filtering the visual content before it is processed by the AI loop.
- [COMMAND_EXECUTION]: The skill uses xdotool and scrot to translate AI responses into OS-level mouse and keyboard events. This execution is confined to the intended GUI automation purpose.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing standard, well-known utilities (xdotool, scrot, xclip) via the system package manager (apt). These are legitimate tools for the stated functionality.