Skills
skills/steelan9199/wechat-publisher-skill/pyautogui-automation/Gen Agent Trust Hub

pyautogui-automation

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/utils.py contains a function ensure_dependencies that automatically installs Python packages pyautogui and pillow using subprocess.check_call([sys.executable, '-m', 'pip', 'install', ...]) if they are missing. This occurs at runtime without explicit user approval.
  • [COMMAND_EXECUTION]: Through the pyautogui library, the skill can simulate any keyboard and mouse input. Specifically, the type_text and hotkey functions in scripts/keyboard.py can be used to execute commands in a terminal or manipulate sensitive applications if the focus is maliciously directed.
  • [DATA_EXFILTRATION]: The skill includes comprehensive screen capture functionality in scripts/screen.py. While it currently saves screenshots to local files, the ability to capture any part of the screen poses a risk of exposing sensitive information (e.g., passwords, private documents) visible on the desktop.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted text data via the --text argument in scripts/automation.py and processes it directly into keyboard simulation actions without any sanitization or boundary markers to prevent the execution of embedded instructions in a target application.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 28, 2026, 08:14 PM