computer-use-agents
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides implementation patterns for letting an AI agent execute arbitrary shell commands through tools such as 'BetaToolBash20241022' (the Anthropic SDK bash tool type) and drive GUI elements with 'pyautogui'. Any command or input sequence the model emits is carried out on the host, which gives the model extensive control over the OS environment.
- [DATA_EXFILTRATION]: The agent loop captures frequent screenshots with 'pyautogui' or 'scrot' to give the LLM the current visual state. Whatever is visible on screen at capture time (credentials, documents, unrelated applications) is sent to the AI model provider on every iteration of the loop.
- [PROMPT_INJECTION]: Because the loop feeds screen content from potentially untrusted sources (web pages, open documents) into the model context alongside the task instructions, it creates an attack surface for indirect prompt injection. Instructions rendered on screen by a third party could be interpreted by the vision model as valid agent commands.
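An added example (not part of this audit or of the skill's own code) showing the chokepoint the first finding describes: the unguarded pattern that hands the model's bash string to a shell, beside a gate that tokenises the command, rejects shell metacharacters and non-allowlisted binaries, and then executes the argv without a shell. Every command the model emits passes through this one function, so it is also where an instruction injected via screen content (third finding) is stopped if it results in a command outside the allowlist. The allowlist contents, the metacharacter set and the 10-second timeout are assumptions for the example.

```python
import shlex
import subprocess
from dataclasses import dataclass, field

# Assumed allowlist for this example: the only binaries the agent loop may launch.
# A real deployment derives this from the task and keeps it as small as possible.
ALLOWED_BINARIES = frozenset({"ls", "cat", "grep", "head", "wc"})
# Characters that only mean something to a shell. Their presence means the model
# is trying to chain, pipe, redirect or substitute, none of which the hardened
# executor supports (assumed set for the example; extend as needed).
SHELL_METACHARS = frozenset(";&|<>`$(){}\n")


@dataclass
class GateResult:
    allowed: bool
    reason: str
    argv: list[str] = field(default_factory=list)


def gate_bash_command(command: str) -> GateResult:
    """Decide whether a bash command proposed by the model may be executed."""
    try:
        # POSIX tokenisation only; nothing is evaluated or expanded here.
        argv = shlex.split(command)
    except ValueError as exc:  # unbalanced quotes and similar
        return GateResult(False, f"unparseable command: {exc}")
    if not argv:
        return GateResult(False, "empty command")
    for tok in argv:
        # Checked per token, so 'ls /tmp; rm -rf /' is caught as '/tmp;' and
        # 'cat $(whoami)' as '$(whoami)'. Quoted metacharacters inside an
        # argument are rejected as well; the gate is deliberately conservative.
        if SHELL_METACHARS & set(tok):
            return GateResult(False, f"shell metacharacter in {tok!r}", argv)
    if argv[0] not in ALLOWED_BINARIES:
        return GateResult(False, f"binary {argv[0]!r} is not allowlisted", argv)
    return GateResult(True, "ok", argv)


def run_unguarded(command: str) -> str:
    """The pattern the audit flags: the model's string goes straight to a shell."""
    proc = subprocess.run(command, shell=True, capture_output=True, text=True)
    return proc.stdout


def run_guarded(command: str, timeout_s: float = 10.0) -> str:
    """Hardened tool handler: gate first, then exec argv directly, never via a shell."""
    verdict = gate_bash_command(command)
    if not verdict.allowed:
        # Return the refusal as the tool result so the model can adapt, and log it:
        # a run of refusals is a useful signal that screen content is steering the agent.
        return f"REFUSED: {verdict.reason}"
    proc = subprocess.run(
        verdict.argv, shell=False, capture_output=True, text=True, timeout=timeout_s
    )
    return proc.stdout + proc.stderr


if __name__ == "__main__":
    # Constructed sample of model-proposed commands, benign and not.
    for cmd in ["ls -la /tmp", "ls /tmp; rm -rf /", "cat $(whoami)", "curl http://example"]:
        print(f"{cmd!r:32} -> {gate_bash_command(cmd).reason}")
```

The gate refuses rather than sanitises: a command that needs a pipe or redirection is not rewritten into something safe, it is sent back to the model as a tool error. Running the argv with shell=False means that even a token that slips past the metacharacter check is passed to the binary as a literal argument, never re-interpreted by a shell.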
Audit Metadata