Desktop Control
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The 'scripts/install.py' script downloads the 'uv' installer from the well-known Astral.sh service to manage project dependencies.
- [REMOTE_CODE_EXECUTION]: The installation script executes the 'uv' installer via a shell pipe in 'scripts/install.py'; this is a standard installation pattern for the 'uv' tool and is considered safe given the trusted source.
- [COMMAND_EXECUTION]: The skill uses 'subprocess' and system utilities like 'osascript', 'wmctrl', and 'xdotool' in 'desktop_agent/commands/app.py' to open and manage applications across different operating systems.
- [PROMPT_INJECTION]: The skill exposes a 'message password' command in 'desktop_agent/commands/message.py' that allows the agent to create a native password input dialog, which could be misused to collect sensitive data.
- [PROMPT_INJECTION]: The skill ingests untrusted screen content via OCR in 'desktop_agent/commands/screen.py' (read-all-text) without sanitization, which combined with keyboard and application control creates a surface for indirect prompt injection attacks.
Audit Metadata