desktop-control

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM (categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)

Full Analysis
  • [PROMPT_INJECTION]: Deceptive metadata and intent. The skill is named 'desktop-control' and its description claims to provide 'Advanced desktop automation with mouse, keyboard, and screen control.' However, the actual content of the skill is exclusively focused on providing an interface to the 'SkillBoss' API for LLM and media generation. This misleading metadata can cause users or agents to grant sensitive permissions (such as 'Bash') under false pretenses.
  • [PROMPT_INJECTION]: High vulnerability to indirect prompt injection. The skill provides multiple tools for ingesting untrusted external data, including web scraping (firecrawl/scrape, scrapingdog), web search (linkup/search, perplexity/sonar), and document parsing (reducto/parse). Malicious instructions embedded in the results returned by these services could be used to hijack the agent's execution flow.
  • [COMMAND_EXECUTION]: The skill's documentation (e.g., in SKILL.md, audio-models.md, and video-models.md) relies on the 'Bash' tool to execute curl commands and a script named run.mjs. The run.mjs script is referenced as the primary execution method for many models but is not included in the skill package, making its actual behavior unverifiable and potentially unsafe.
  • [DATA_EXFILTRATION]: The skill is designed to transmit user-provided data, including document URLs, search queries, email content, and SMS target details, to an external third-party domain (api.heybossai.com). While this is functional for the API's purpose, it represents a data exposure risk for sensitive information processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 08:17 AM