peekaboo
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute a wide variety of system commands via the
peekabooCLI tool. These commands allow the agent to interact with UI elements, drive mouse and keyboard input, manage application states, and access system resources like the clipboard and menu bar. - [EXTERNAL_DOWNLOADS]: The skill's metadata specifies an installation procedure using Homebrew to download the
peekabooformula from thesteipete/taprepository. This is a legitimate installation mechanism for the core tool required by the skill and originates from the author's own repository. - [DATA_EXPOSURE]: Several commands allow the skill to read potentially sensitive system information, including clipboard contents (
peekaboo clipboard), screenshots (peekaboo image), and annotated UI maps (peekaboo see). These features are fundamental to the skill's purpose of UI automation and vision-based task execution. - [INDIRECT_PROMPT_INJECTION]: The
see --analyzecommand processes screen content through an AI model for analysis. This creates a surface where text or instructions displayed on the screen could potentially influence the agent's behavior. This is a common characteristic of vision-based automation skills.
Audit Metadata