computer-use
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
orcaCLI tool and local development scripts (e.g.,./config/scripts/orca-dev) to perform desktop actions like clicking, typing, and scrolling. These operations are essential to the skill's primary function of computer interaction. - [DATA_EXPOSURE]: The skill captures accessibility trees and screenshots from running applications to understand the UI state. It includes explicit safety instructions for the agent to avoid unnecessary logging or screenshotting of sensitive content and to respect user privacy.
- [PROMPT_INJECTION]: As the skill reads content from external applications such as Slack or web browsers, it is subject to indirect prompt injection. The skill mitigates this risk by instructing the agent to categorize actions (Safe vs. Needs Care) and requiring explicit user permission for high-stakes operations like sending messages or making purchases.
Audit Metadata