peekabo
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the installation and execution of the
@steipete/peekaboopackage from NPM (via bunx/npx) and a third-party Homebrew tap. - [COMMAND_EXECUTION]: The skill uses a CLI tool to perform high-privilege GUI operations, such as simulating keystrokes (
type), executing global hotkeys (hotkey), and launching applications (app launch). It also supports executing automation sequences from JSON files viapeekaboo run. - [DATA_EXFILTRATION]: The
seeandimagecommands capture screenshots and detailed UI element trees (including labels and text) from the host system. This data may include sensitive information visible on the screen, such as passwords in cleartext, private communications, or financial data. - [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) as it processes untrusted UI element data from external applications.
- Ingestion points: UI element labels and window contents are ingested via
peekaboo see,peekaboo list windows, andpeekaboo menu list. - Boundary markers: None; there are no instructions provided to the agent to distinguish between UI labels and potential embedded instructions.
- Capability inventory: The skill possesses significant capabilities to influence the system, including
click,type,press, andspace switch. - Sanitization: No evidence of sanitization or filtering of UI text before it is processed by the agent.
Audit Metadata