pyautogui-automation
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill dynamically installs external packages during execution.
  - scripts/utils.py contains logic to check for and install pyautogui and pillow using pip install via a subprocess if they are not already present.
- [COMMAND_EXECUTION]: The skill executes system-level commands to manage its environment.
  - scripts/utils.py uses subprocess.check_call to invoke the pip package manager, which involves executing external processes with the agent's privileges.
- [PROMPT_INJECTION]: The documentation contains potentially ambiguous instructions for the agent.
  - SKILL.md includes a table entry | "xxx" | 直接执行 xxx | (Directly execute xxx), which might encourage the agent to execute arbitrary user input without sufficient validation or context checking.
- [DATA_EXFILTRATION]: The skill possesses capabilities to access highly sensitive desktop data.
  - scripts/screen.py can capture full-screen or regional screenshots, which may inadvertently include passwords, private communications, or other sensitive information displayed on the user's monitor.
- [REMOTE_CODE_EXECUTION]: While no direct remote code execution was found, the combination of dynamic package installation and simulated keyboard input creates a significant attack surface.
  - scripts/keyboard.py allows typing arbitrary text, which could be used to execute commands in a terminal or run scripts if the agent is influenced by malicious external data (Indirect Prompt Injection).