windows-qa-engineer
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the UFO automation framework from Microsoft's official GitHub repository (https://github.com/microsoft/UFO.git). This targets a trusted organization and is well-known service usage.
- [COMMAND_EXECUTION]: The
scripts/skill_installer.pyscript executes shell commands viasubprocess.runto handle environment setup tasks, including cloning the UFO repository, creating Python virtual environments, and installing dependencies likefastmcpandpydantic. - [PROMPT_INJECTION]: The skill processes UI text and metadata from external Windows applications, which creates a surface for indirect prompt injection if target applications contain malicious labels or data.
- Ingestion points:
scripts/ufo_windows_qa_mcp_server.pyviatextsandget_app_window_controls_infotools. - Boundary markers: None identified in the tool definitions.
- Capability inventory: UI interaction tools (click, type, keyboard input) and the environment installer script.
- Sanitization: No explicit sanitization or validation of UI control text is performed before it is processed by the agent.
Audit Metadata