windows-use

Warn

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/install-binaries.ps1 fetches wmctrl.exe and xdotool.exe from an external GitHub repository (github.com/ebranlard). Although the script performs SHA256 hash verification, these are third-party executables from an unverified source not included in the trusted vendor list.
  • [REMOTE_CODE_EXECUTION]: The skill implements a workflow where binary files are downloaded from a remote server and subsequently executed on the host system. The install-binaries.ps1 script downloads the tools, which are then invoked by focus-and-send.ps1 and other helper scripts to perform system actions.
  • [COMMAND_EXECUTION]: The skill provides the ability to send arbitrary keystrokes and run window management commands via the downloaded binaries. Additionally, scripts/screenshot-active-window.ps1 performs dynamic code execution by using the Add-Type cmdlet to compile and execute C# code at runtime to interface with native Windows APIs (user32.dll).
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 3, 2026, 06:36 AM