peekaboo
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill functions by executing the
peekaboobinary to perform all system and UI operations, requiring screen recording and accessibility permissions on macOS. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. By analyzing visual content from the screen, the agent may ingest and follow malicious instructions embedded in third-party applications or websites.
- Ingestion points: Captured screen content via
peekaboo seeandpeekaboo image --analyze(SKILL.md). - Boundary markers: None provided in the skill instructions to distinguish between system UI and untrusted content.
- Capability inventory: High-impact capabilities including simulated typing (
type), clicking (click), application management (app), and clipboard manipulation (clipboard) (SKILL.md). - Sanitization: No evidence of input validation or content filtering for the data retrieved from the UI.
- [DATA_EXFILTRATION]: The skill facilitates data exposure by allowing the agent to read the system clipboard and take screenshots of the entire screen or specific windows, which could contain passwords, private messages, or sensitive documents.
Audit Metadata