peekaboo
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs a binary from a third-party Homebrew tap (steipete/tap/peekaboo). This repository is not included in the pre-defined trusted vendors list.
- [COMMAND_EXECUTION]: The CLI tool allows for extensive control over the macOS operating system, including application management (launch, quit, relaunch) and UI interaction (clicking, typing, pasting). It also supports running automation scripts via the run command.
- [DATA_EXFILTRATION]: The skill provides functions to capture screen images, record video, and read the system clipboard. These capabilities can expose sensitive user information displayed on the screen or stored in the clipboard to the AI agent.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by capturing and analyzing visual information from the screen. 1. Ingestion points: Screen captures and UI metadata via see and capture commands. 2. Boundary markers: None identified in the skill instructions. 3. Capability inventory: High-impact actions including simulated typing, clicking, and app management. 4. Sanitization: No sanitization of captured visual data is performed.
Audit Metadata