peekaboo
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
peekabooCLI binary using a third-party Homebrew tap (steipete/tap/peekaboo) during the installation phase. - [COMMAND_EXECUTION]: The skill provides extensive capabilities to control the host system, including launching/quitting applications (
peekaboo app), interacting with system dialogs, and simulating mouse/keyboard input (click,type,drag,hotkey). It also includes aruncommand to execute.peekaboo.jsonscripts. - [DATA_EXFILTRATION]: The tool has the capability to access sensitive system information, including full-screen screenshots (
peekaboo image), application window hierarchies and annotations (peekaboo see), and reading/writing the system clipboard (peekaboo clipboard). - [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface as it ingests and processes untrusted data from the user interface.
- Ingestion points: Screen captures, UI element maps (OCR/AI analysis), and window titles are ingested through commands like
peekaboo seeandpeekaboo image. - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded content in the captured UI data.
- Capability inventory: The agent can use the results of these captures to perform high-privilege actions like
click,type(including password entry), andapp launch. - Sanitization: No sanitization or filtering of the captured screen content is documented before the data is returned to the agent context.
Audit Metadata