computer-use
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill automates the installation of the `agent-click` utility from the public npm registry to the host machine if it is not already present.
- [COMMAND_EXECUTION]: Executes various shell commands through a local tunnel (`agent-tunnel`) to facilitate desktop interactions, including opening applications, managing windows, and simulating keyboard/mouse events.
- [REMOTE_CODE_EXECUTION]: The skill enables the agent to execute complex UI automation sequences and shell-based CLI commands on the user's computer to fulfill desktop automation tasks.
- [PROMPT_INJECTION]: The skill is designed to read and process content directly from the user's screen (via snapshots and value retrieval), which creates a surface for indirect prompt injection if the agent encounters malicious instructions embedded in web pages, documents, or other UI elements.
  - Ingestion points: Screen content and UI element attributes captured via the `snapshot`, `text`, and `get-value` commands in `SKILL.md`.
  - Boundary markers: The instructions do not specify delimiters or constraints for the agent to distinguish between valid UI data and potential instructions found within that data.
  - Capability inventory: Extensive desktop control including shell command execution, file manipulation via the GUI, and application interaction through the `agent-tunnel` primitive.
  - Sanitization: No sanitization or filtering of screen-captured text is performed before it is added to the agent's context.
Audit Metadata