skills/vm0-ai/vm0-skills/computer-use/Gen Agent Trust Hub

computer-use

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx -p @vm0/cli to download and execute the vendor's command-line interface from the NPM registry. This is the primary mechanism for the skill's functionality.
  • [COMMAND_EXECUTION]: The skill runs multiple shell commands through the CLI to manage desktop state, including listing running applications, opening new app instances, and simulating user input (clicks, typing, key presses).
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it processes untrusted data from external application accessibility trees and screenshots.
      • Ingestion points: Reads application state files (appState) and screenshots from potentially untrusted desktop applications such as browsers or Slack.
      • Boundary markers: None present; the agent parses raw text and JSON filtered by rg or node -e.
      • Capability inventory: Full GUI control, including click, type-text, set-value, and open-app.
      • Sanitization: Uses filtering tools such as rg and node -e to locate specific elements, but does not validate the UI data to prevent instructions embedded in it from being executed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 14, 2026, 01:52 AM