pywinauto
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of system-level operations by driving Windows applications. It can launch processes (
start), connect to existing ones (connect), and simulate user inputs such as clicks and keystrokes. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ability to read content from third-party application interfaces.
- Ingestion points: UI content is extracted via methods like
window_text()from edit boxes, list items, and tables as shown in the读取界面内容section ofSKILL.md. - Boundary markers: The provided documentation does not define specific delimiters or instructions to treat the read UI text as untrusted data.
- Capability inventory: The skill has extensive capabilities to interact with the OS, including
type_keys,click, and window management functions. - Sanitization: There is no evidence of sanitization or filtering applied to the text read from external applications before it is returned to the agent context.
Audit Metadata