omni-vu
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- DATA_EXFILTRATION (MEDIUM): The
vu_describetool captures the user's screen and transmits image data to third-party AI providers (Claude, OpenAI, Gemini) for processing. This presents a risk of exposing sensitive information visible on the display, such as credentials, private communications, or internal documents. - PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection via visual content. Ingestion points: Screen captures processed by
vu_describe. Boundary markers: None; the AI interprets the raw visual scene. Capability inventory: Full GUI control includingvu_click,vu_type, andvu_hotkey. Sanitization: None; the vision model attempts to interpret all visible text as potential context or instruction. - COMMAND_EXECUTION (MEDIUM): Automation tools like
vu_typeandvu_hotkeyallow the agent to simulate keyboard input and system shortcuts. This can be used to execute arbitrary shell commands (e.g., by opening a terminal) if the agent is manipulated via prompt injection. - PRIVILEGE_ESCALATION (MEDIUM): The skill requires the user to grant high-privilege macOS permissions: 'Screen Recording' and 'Accessibility'. These permissions provide the agent with broad visibility and control over the operating system environment.
Audit Metadata