peekaboo
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill serves as a wrapper for the
peekabooCLI, enabling a wide range of system-level commands to automate UI interactions, manage applications, control windows, and execute JSON-based automation scripts. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
- Ingestion points: Screen content captured via
see --analyzeandimage --analyzecommands. - Boundary markers: No specific delimiters or instructions to ignore embedded content are present in the skill definition.
- Capability inventory: The skill possesses extensive capabilities including mouse/keyboard control, application management, clipboard access, and script execution.
- Sanitization: No evidence of sanitization or filtering of captured screen text before it is processed by the analysis model.
- [DATA_EXFILTRATION]: The skill includes commands to read the system clipboard (
clipboard) and capture screenshots or video of the screen (see,image,capture). While these are intended features for automation, they provide the agent with access to potentially sensitive information visible on the user's desktop. - [EXTERNAL_DOWNLOADS]: The skill's metadata specifies the installation of an external binary from a third-party Homebrew tap (
steipete/tap/peekaboo).
Audit Metadata