Desktop Control

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The 'scripts/install.py' script downloads the 'uv' installer from the well-known Astral.sh service to manage project dependencies.
  • [REMOTE_CODE_EXECUTION]: The installation script executes the 'uv' installer via a shell pipe in 'scripts/install.py'; this is a standard installation pattern for the 'uv' tool and is considered safe given the trusted source.
  • [COMMAND_EXECUTION]: The skill uses 'subprocess' and system utilities like 'osascript', 'wmctrl', and 'xdotool' in 'desktop_agent/commands/app.py' to open and manage applications across different operating systems.
  • [PROMPT_INJECTION]: The skill exposes a 'message password' command in 'desktop_agent/commands/message.py' that allows the agent to create a native password input dialog, which could be misused to collect sensitive data.
  • [PROMPT_INJECTION]: The skill ingests untrusted screen content via OCR in 'desktop_agent/commands/screen.py' (read-all-text) without sanitization, which combined with keyboard and application control creates a surface for indirect prompt injection attacks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 03:28 AM
Security Audit — agent-trust-hub — Desktop Control