windows-qa-engineer

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the UFO automation framework from Microsoft's official GitHub repository (https://github.com/microsoft/UFO.git). The source is a trusted organization, and this is use of a well-known service.
  • [COMMAND_EXECUTION]: The scripts/skill_installer.py script executes shell commands via subprocess.run to handle environment setup tasks, including cloning the UFO repository, creating Python virtual environments, and installing dependencies like fastmcp and pydantic.
  • [PROMPT_INJECTION]: The skill processes UI text and metadata from external Windows applications, which creates a surface for indirect prompt injection if target applications contain malicious labels or data.
      • Ingestion points: scripts/ufo_windows_qa_mcp_server.py via texts and get_app_window_controls_info tools.
      • Boundary markers: None identified in the tool definitions.
      • Capability inventory: UI interaction tools (click, type, keyboard input) and the environment installer script.
      • Sanitization: No explicit sanitization or validation of UI control text is performed before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 26, 2026, 01:44 AM