macpilot-screenshot-ocr

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the use of the macpilot command-line utility for desktop automation. Documented capabilities include taking screenshots, screen recording, opening applications, and simulating keyboard input (macpilot keyboard). These commands grant the agent significant control over the user interface and system state.
  • [PROMPT_INJECTION]: The skill introduces a surface for indirect prompt injection through its OCR functionality. Malicious text contained within a screenshot or image could potentially influence the agent's subsequent actions once extracted.
  • Ingestion points: Untrusted content enters the agent context via the macpilot ocr command as described in SKILL.md.
  • Boundary markers: The skill does not define specific delimiters or warning instructions to help the agent distinguish OCR-extracted text from system instructions.
  • Capability inventory: The agent possesses powerful capabilities that could be abused if an injection is successful, specifically the ability to simulate keyboard input and manage applications.
  • Sanitization: There is no evidence of sanitization or validation of the text output generated by the OCR process before it is utilized by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 07:47 AM