Skills
skills/malue-ai/dazee-small/peekaboo/Gen Agent Trust Hub

peekaboo

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the peekaboo binary via Homebrew from a third-party tap (steipete/tap/peekaboo).
  • [COMMAND_EXECUTION]: Provides extensive control over the macOS interface, including simulating mouse clicks, keyboard input, application management, and script execution (peekaboo run).
  • [CREDENTIALS_UNSAFE]: The peekaboo config command provides functionality to manage and view credentials and provider configurations.
  • [DATA_EXFILTRATION]: The skill can access sensitive information through screen captures (peekaboo image, peekaboo see), clipboard reading (peekaboo clipboard), and listing active applications and windows.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes untrusted UI content (e.g., window titles, screen text via vision analysis) which could contain malicious instructions.
  • Ingestion points: Screen captures and UI metadata via see, capture, image, and list commands.
  • Boundary markers: None identified in the provided command examples.
  • Capability inventory: Full UI interaction (click, type, drag, hotkey), clipboard manipulation, application management, and script execution.
  • Sanitization: None identified for processed UI data.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 6, 2026, 04:20 PM