peekaboo
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the `peekaboo` CLI tool via a Homebrew tap (`steipete/tap/peekaboo`). This is an external binary dependency required for the skill's operation.
- [COMMAND_EXECUTION]: The skill executes extensive system-level automation commands through the CLI, including launching/quitting applications, managing windows, and running local automation scripts via the `peekaboo run` command.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it extracts text and metadata from the screen to drive agent actions.
  - Ingestion points: Screen content and UI element labels captured via `peekaboo see` and `peekaboo image` (SKILL.md).
  - Boundary markers: Absent; no explicit instructions are provided to the agent to ignore or delimit instructions found within the UI text.
  - Capability inventory: High-impact capabilities including simulated typing (`type`), clicking (`click`), clipboard access (`clipboard`), and application management (`app`).
  - Sanitization: None; the skill does not appear to sanitize or validate text found on screen before interpreting it.
Audit Metadata