peekaboo
Warn
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's metadata specifies the installation of an external binary via a third-party Homebrew tap (
steipete/tap/peekaboo). This binary is executed to perform all skill functions, representing the execution of unverifiable external code. - [COMMAND_EXECUTION]: The skill provides a comprehensive suite of commands to control the host system, including:
- Simulating keyboard input (
type,hotkey,press) - Mouse and gesture automation (
click,drag,move,scroll,swipe) - Application and window management (
app,window,dock,menu) - Executing arbitrary scripts via
peekaboo runwith JSON payloads. - [DATA_EXFILTRATION]: The skill facilitates the capture and potential exposure of sensitive information through multiple vectors:
peekaboo imageandpeekaboo seecapture screen content, windows, and menu bars.peekaboo clipboardreads and writes to the system clipboard.peekaboo configmanages credentials and model provider settings.- The
seeandimagecommands support an--analyzeflag, which likely sends captured visual data to external LLM providers for processing. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
- Ingestion points: Data is ingested from the macOS UI via
peekaboo see,peekaboo image, andpeekaboo list(SKILL.md). - Boundary markers: None present; there are no instructions to the agent to ignore or delimit instructions found within the captured UI data.
- Capability inventory: Extensive system control capabilities including keystroke injection, file system access via
open, and application launching (SKILL.md). - Sanitization: No evidence of sanitization or filtering of the text or visual data captured from the screen before it is processed by the agent.
Audit Metadata