peekaboo
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides extensive capabilities for system-level automation on macOS, including launching/quitting applications, window management, and simulating human-like input such as mouse clicks, typing, and gestures.
- [EXTERNAL_DOWNLOADS]: Metadata specifies the installation of the peekaboo binary from a Homebrew tap (steipete/tap/peekaboo).
- [DATA_EXFILTRATION]: The skill can read from the macOS clipboard and capture screen/window content. While these are core features, they involve accessing potentially sensitive information.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection. By reading screen content and window titles (e.g., via the see or image commands), the agent could ingest and follow malicious instructions embedded in visible UI elements.
- Ingestion points: Screen captures, UI maps, window titles, and clipboard content.
- Boundary markers: None identified.
- Capability inventory: Broad system interaction including input simulation, app control, and configuration management.
- Sanitization: No explicit sanitization of screen-read data is mentioned in the skill definition.
Audit Metadata