pi-computer-use

Warn

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches implementation logic and native helpers from GitHub (github.com/injaneity/pi-computer-use) and the NPM registry (@injaneity/pi-computer-use).
  • [COMMAND_EXECUTION]: Executes a native Swift bridge binary located at ~/.pi/agent/helpers/pi-computer-use/bridge to interact with macOS system APIs.
  • [DATA_EXFILTRATION]: Provides a screenshot tool that captures window images and Accessibility (AX) tree state, exposing sensitive screen content to the agent context.
  • [COMMAND_EXECUTION]: Grants the agent the ability to perform low-level input actions including click, keypress, type_text, and drag, which allows for arbitrary interaction with the host operating system.
  • [PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect injection as it ingests untrusted data from application windows.
      • Ingestion points: Screen captures and accessibility tree data returned by the screenshot and list_windows tools.
      • Boundary markers: None identified in the skill instructions to separate untrusted window content from agent instructions.
      • Capability inventory: Full GUI control via tools like click, keypress, and set_text.
      • Sanitization: No evidence of content sanitization or filtering before processing window state.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 25, 2026, 05:48 PM