winapp-ui-automation
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- Interaction with Application UI State: The skill allows the agent to read text values, inspect element trees, and capture screenshots of running Windows applications.
- Evidence: Commands like
winapp ui get-value,winapp ui inspect, andwinapp ui screenshotprovide deep visibility into the state of other applications. - Context: This is the primary purpose of the skill. While it involves accessing potentially sensitive information displayed on the screen, it is a standard requirement for UI automation tasks.
- Indirect Prompt Injection Surface: The skill processes data from external applications (UI text and elements), which could theoretically contain instructions intended to influence the agent's behavior.
- Evidence: The
winapp ui get-valueandwinapp ui searchcommands ingest text directly from the UI of third-party apps into the agent's context. - Context: This is a common consideration for any skill that reads untrusted external data. The risk is minimized by the agent's internal guardrails, but users should be mindful when using the skill with applications displaying untrusted content (e.g., a web browser viewing an unknown site).
Audit Metadata