skills/turixai/turix-cua/turix-mac/Gen Agent Trust Hub

turix-mac

Warn

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/run_turix.sh script executes local Python processes using the conda run command to initiate the TuriX CUA agent.
  • [EXTERNAL_DOWNLOADS]: The README.md provides instructions to download and install core components from the author's GitHub repository (github.com/TurixAI/TuriX-CUA).
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted visual data from the macOS desktop.
      • Ingestion points: The agent captures the screen and performs visual tasks on any open application, including web browsers containing external content (SKILL.md).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded visual commands are implemented to prevent the agent from following instructions found on the screen.
      • Capability inventory: The agent can simulate clicks, keyboard input, and navigate UIs, providing a broad range of actions that could be misused if influenced by malicious visual data (scripts/run_turix.sh).
      • Sanitization: The skill lacks mechanisms to sanitize or validate visual information extracted from the screen before processing it through its 'Brain' or 'Planner' models.
  • [COMMAND_EXECUTION]: The README.md instructs users to manually grant Accessibility and Screen Recording permissions to several system binaries (Terminal, VS Code, Node, Python), which bypasses standard macOS security boundaries to allow the agent full GUI control.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 8, 2026, 12:56 PM