linux-at-spi2
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Full Analysis
- [Security Reference] (SAFE): The documentation provides robust defensive patterns for interacting with system accessibility APIs. It explicitly identifies and addresses critical risks such as password harvesting and terminal input injection, providing code snippets specifically designed to block access to sensitive UI elements.
- [False Positive Analysis] (SAFE): The automated scan alert regarding 'self.logger.info' was investigated across the files. This is a standard Python logging call used for tracing state transitions and audit events; no indicators of malicious URLs, command encoding, or exfiltration were found in the logging logic.
- [Indirect Prompt Injection] (SAFE): While the framework describes the ingestion of external UI metadata (names, descriptions), which is a common attack surface for agents, the content is strictly focused on mitigation strategies including input validation and Role-Based Access Control (RBAC).
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata