windows-qa-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The setup process involves cloning the UFO framework directly from Microsoft's official GitHub repository (github.com/microsoft/UFO). As Microsoft is a trusted organization, this is considered a safe and necessary dependency for the skill's primary functionality.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it reads text content from the User Interface of the application under test.
- Ingestion points: UI text is retrieved from the system via the 'texts' and 'get_app_window_controls_info' tools defined in 'scripts/ufo_windows_qa_mcp_server.py'.
- Boundary markers: No specific delimiters or safety instructions are implemented to prevent the agent from accidentally executing instructions found within the UI text of a tested application.
- Capability inventory: The skill allows the agent to interact with the host system's UI through 'click_input', 'set_edit_text', and 'keyboard_input' via the 'AppUIExecutor' server.
- Sanitization: The skill does not perform sanitization or validation of the text retrieved from the UI before it is processed by the agent.
Audit Metadata