peekaboo
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill requires an external binary installed via a third-party Homebrew repository (
steipete/tap/peekaboo). This represents a dependency on code not hosted by the skill author or a trusted vendor list member.\n- [PRIVILEGE_ESCALATION]: The CLI requires high-level system permissions, specifically 'Accessibility' and 'Screen Recording', which grant the agent broad control over the operating system and visibility into other applications.\n- [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its vision analysis features.\n - Ingestion points: Screen captures and UI metadata frames processed via the
--analyzeflag in theimageandseecommands.\n - Boundary markers: None provided in the documentation to separate UI text from agent instructions.\n
- Capability inventory: Significant capabilities including
click,type,paste,app launch,windowmanagement, and script execution (run).\n - Sanitization: No evidence of text filtering or instruction sanitization for visual content analysis.\n- [DYNAMIC_EXECUTION]: The
peekaboo runcommand allows for the execution of.peekaboo.jsonscripts, providing a mechanism for running dynamically defined automation sequences.\n- [DATA_EXPOSURE_AND_EXFILTRATION]: The tool can access sensitive system data, including clipboard content via theclipboardcommand and screen content viacaptureandimagecommands.
Audit Metadata