peekaboo
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the required 'peekaboo' binary via the Homebrew package manager using a third-party tap ('steipete/tap/peekaboo').
- [COMMAND_EXECUTION]: The skill utilizes the 'peekaboo' CLI to perform extensive macOS automation, including mouse events, keyboard input, and application life-cycle management.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the analysis of screen content and clipboard data.
- Ingestion points: Untrusted data enters via screen captures ('see', 'image') and clipboard reads ('clipboard').
- Boundary markers: No explicit delimiters are used to separate UI-extracted text from agent instructions.
- Capability inventory: The 'peekaboo' binary provides broad OS interaction capabilities including clicking, typing, and window management.
- Sanitization: There is no evidence of sanitization for text content extracted from the UI before it is processed by the agent.
Audit Metadata