desktop-windows-layout
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute a variety of system-level CLI tools including wmctrl, xdotool, qdbus, and xprop. These tools allow the agent to manipulate the user's desktop environment, move windows, and change system states. While this is the intended functionality, it grants the agent significant control over the local graphical session.
- [DATA_EXFILTRATION]: The skill uses the scrot utility to capture screenshots of the desktop, saving them to the /tmp directory. While intended for verifying layout, this capability allows the agent to access any sensitive information visible on the user's screen, which constitutes a data exposure risk.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the environment, specifically window titles retrieved via wmctrl and xdotool.
  - Ingestion points: Window titles are retrieved using wmctrl -l and xdotool getwindowname and used for matching and identification.
  - Boundary markers: None are implemented; the skill processes window titles as raw strings.
  - Capability inventory: The skill has the ability to capture screenshots (scrot), move/resize windows (wmctrl, xdotool), and invoke KWin shortcuts via qdbus.
  - Sanitization: There is no evidence of sanitization or filtering of window titles before they are processed by the agent's logic.
Audit Metadata