peekaboo
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the 'peekaboo' binary via a third-party Homebrew tap ('steipete/tap/peekaboo'). This source is not part of the trusted vendor list and represents an unverified external dependency.
- [COMMAND_EXECUTION]: The skill executes various system-level commands through the 'peekaboo' CLI to automate UI actions, including launching/quitting applications, managing windows, and simulating mouse/keyboard interaction.
- [DATA_EXFILTRATION]: The skill provides tools to capture screenshots ('image', 'see'), record video ('capture'), and read the system clipboard ('clipboard read'), allowing access to potentially sensitive user data.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection.
  1. Ingestion points: The 'see' and 'image' commands use an '--analyze' flag to process screen content, and the 'clipboard' tool reads external text.
  2. Boundary markers: No delimiters or ignore-instructions are used to isolate ingested content.
  3. Capability inventory: The skill has extensive control over system inputs and application management.
  4. Sanitization: There is no evidence of sanitization for text extracted from the UI before it is processed by the model.