Skills
skills/malue-ai/dazee-small/peekaboo/Gen Agent Trust Hub

peekaboo

Warn

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the peekaboo CLI tool using a third-party Homebrew tap (steipete/tap/peekaboo). This source does not belong to a verified organization or the skill author (malue-ai), presenting a supply chain risk.
  • [COMMAND_EXECUTION]: The tool performs extensive UI automation, including click, type, and hotkey commands. This allows the agent to interact with any application on the host system, including entering sensitive data as shown in the examples (e.g., typing passwords).
  • [DATA_EXFILTRATION]: The skill accesses highly sensitive data including the system clipboard, list of open windows, and live screen captures. The tool documentation mentions a bridge command and a --no-remote flag, indicating the binary may have network capabilities that could be used for data transmission.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its screen analysis features.
  • Ingestion points: Visual data captured from the screen or windows via the see, image, and capture commands in SKILL.md.
  • Boundary markers: None are specified to protect against instructions embedded in the captured UI.
  • Capability inventory: Full UI interaction capabilities including click, type, paste, and app management across all scripts.
  • Sanitization: No evidence of data sanitization or instruction filtering for content derived from visual analysis.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 28, 2026, 02:07 AM