peekaboo
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill initiates the installation of a binary from a third-party Homebrew tap (
steipete/tap/peekaboo). This source is external and does not belong to the predefined list of trusted organizations or repositories. - [COMMAND_EXECUTION] (MEDIUM): The skill is built around executing a powerful CLI tool that can drive system input, manage applications, and execute local script files (
peekaboo run). - [DATA_EXFILTRATION] (LOW): The tool has the capability to read sensitive system data, including the clipboard (
peekaboo clipboard) and screen contents (peekaboo image,peekaboo see). Although no automated external transmission is defined in the skill, the exposure of this data to an AI agent presents a risk of accidental or malicious data handling. - [PRIVILEGE_ESCALATION] (LOW): The tool requires 'Screen Recording' and 'Accessibility' permissions on macOS. While these are necessary for the tool's primary purpose, they grant significant control over the user's operating system.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill creates a surface for indirect prompt injection by processing data from the UI that may be controlled by third parties (e.g., website content in a browser window).
- Ingestion points: Screen captures and UI analysis via
peekaboo seeandpeekaboo image --analyze, as well as clipboard reading. - Boundary markers: None identified in the skill instructions to separate UI-derived data from system instructions.
- Capability inventory: Significant capabilities including
click,type,app launch/quit, andrun(script execution). - Sanitization: No evidence of sanitization or filtering of the captured UI text or clipboard data.
Audit Metadata