supaterm-computer-use
Warn
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the `sp` CLI tool to perform system-level operations, including listing apps and windows, and launching processes with arbitrary arguments and environment variables.
- [REMOTE_CODE_EXECUTION]: The `sp computer-use page execute-javascript` command allows for the execution of arbitrary JavaScript within browser contexts, which is a form of dynamic code execution.
- [DATA_EXFILTRATION]: The skill can access potentially sensitive data by taking screenshots (`sp computer-use snapshot`) and extracting text content from browsers (`sp computer-use page get-text`). This data is processed by the agent and could be used to expose private information found on the user's screen or within web applications.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of untrusted data from UI elements and web pages.
  - Ingestion points: Accessibility element properties (role, title, value) in `references/snapshot-and-elements.md` and page text/DOM content in `references/actions.md`.
  - Boundary markers: Absent; there are no instructions to the agent to distinguish between its own system instructions and commands potentially found within the processed UI or web data.
  - Capability inventory: Extensive system interaction capabilities including shell commands via the `sp` CLI tool, simulated input (typing, clicking, key presses), and browser JavaScript execution.
  - Sanitization: No sanitization or validation of external data is specified before it is ingested and used by the agent to make decisions.
Audit Metadata