macpilot-ui-inspector
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface.
  - Ingestion points: The skill ingests untrusted text from application interfaces via commands like `macpilot ui list`, `macpilot ui get-value`, and `macpilot ui tree` (detected in SKILL.md).
  - Boundary markers: Absent. The skill lacks delimiters or warnings to treat UI content as untrusted data.
  - Capability inventory: The agent possesses impactful capabilities including `macpilot ui click`, `macpilot ui set-value` (modifying UI state), and `macpilot click x y` (detected in SKILL.md).
  - Sanitization: Absent. There is no evidence of validation or filtering of the strings retrieved from the UI hierarchy.
- COMMAND_EXECUTION (SAFE): The skill utilizes an external CLI tool `macpilot` to perform accessibility operations. While this tool requires significant system permissions (Accessibility APIs), the skill's usage of it aligns with its stated purpose of UI inspection and interaction.
Audit Metadata