
Add agent desktop screen clipboard gates #2589

Closed
IvanchitorJR wants to merge 1 commit into UnitOneAI:main from IvanchitorJR:improve/agent-desktop-screen-clipboard-gates

Conversation

@IvanchitorJR


Skill Improvement ($50-150 Bounty)

Skill Modified

Skill name: agent-security
Skill path: skills/ai-security/agent-security/

Related review issue: #2452.

What Was Wrong

The agent-security skill already covers tool permissions, least privilege, human approval gates, blast radius, audit trails, rollback, and multi-agent trust boundaries. It did not explicitly treat desktop observation primitives as cross-application data sources.

That can create both false positives and missed findings:

  • a tightly scoped desktop QA agent can be over-scored as full host access even when screenshots, clicks, and clipboard reads are window-scoped, redacted, memory-only, and approval-gated;
  • a broad GUI agent can capture all monitors, OCR unrelated windows, read clipboard contents from other apps, and send that content externally even if it has no direct file-system or database tool.

What This PR Fixes

  • Bumps agent-security to 1.0.3.
  • Adds context inputs for desktop/browser automation scope and screen/OCR/clipboard policy.
  • Adds a Desktop Observation and Clipboard Boundary Review step covering window/monitor scope, sensitive-screen handling, clipboard provenance, browser profile separation, external send gates, and retention.
  • Adds explicit finding triggers AGENT-DESK-01 through AGENT-DESK-07.
  • Extends the output template with Desktop Observation / Clipboard posture and a dedicated control-evidence table.
  • Adds a common pitfall warning against treating desktop automation as just another narrow tool.
  • Adds paired JSON fixtures for benign window-scoped QA automation and vulnerable full-screen OCR/clipboard exfiltration.

Evidence

Before:
A reviewer could see screenshot, click, or clipboard_read and classify the agent as broadly unsafe without checking whether those tools were constrained to a staging window, redacted, and approval-gated. Conversely, full-screen OCR plus silent clipboard reads could be missed because the skill focused on file, network, database, and registered tool access.

After:
The skill now requires reviewers to record screen scope, OCR/sensitive-screen handling, clipboard controls, browser profile separation, external transfer gates, and retention before scoring desktop automation risk.

Test Cases Added/Updated

  • Added benign fixture: skills/ai-security/agent-security/tests/benign/desktop-qa-window-scoped-clipboard.json
  • Added vulnerable fixture: skills/ai-security/agent-security/tests/vulnerable/fullscreen-ocr-clipboard-exfiltration.json
  • Existing repository-style validations passed locally

Validation

  • git diff --check
  • git diff --cached --check
  • Required frontmatter field check across skills/**/SKILL.md and roles/**/SKILL.md
  • index.yaml referenced path existence check
  • Markdown fence balance check for skills/ai-security/agent-security/SKILL.md
  • JSON parse checks for both new fixtures
  • Marker checks for Desktop Observation and Clipboard Boundary Review, AGENT-DESK-01 through AGENT-DESK-07, output table, and version history
  • Workflow-equivalent prompt-injection pattern scan over skills and roles
  • ASCII-only check for added fixtures

Duplicate Check

Checked open and closed PRs for:

  • agent-security + desktop automation / screen / clipboard evidence gates
  • agent-security + screenshot / OCR / clipboard / GUI automation
  • desktop QA assistant / window-scoped clipboard
  • AI agent screen capture and clipboard exfiltration

I did not find an existing PR implementing the desktop observation and clipboard boundary review requested by #2452.

Bounty Tier

  • Minor ($50) - Doc update, small logic tweak, typo fix
  • Moderate ($100) - New edge case coverage, false-positive reduction, and calibration fixtures
  • Substantial ($150) - Rewritten detection logic, major coverage expansion

Bounty Info

  • I have read and agree to the CONTRIBUTING.md bounty terms
  • Preferred payment method: Payment details can be provided privately after maintainer acceptance.

@IvanchitorJR IvanchitorJR requested a review from kamalsrini as a code owner June 14, 2026 20:13
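As an added example that is not part of this PR or the SecuritySkills project: a small Python check in the spirit of the review step the PR describes, contrasting a tool-name-only classification (the "before" behaviour, where seeing screenshot or clipboard_read means broad host access) with one that records screen scope, OCR and redaction, clipboard provenance, retention, browser profile separation and external send gates before scoring. The manifest schema, the two constructed manifests and the finding text are assumptions made for this illustration; they are not the skill's fixture format or its AGENT-DESK trigger definitions.

```python
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class DesktopAgentManifest:
    """Constructed manifest schema for this example (an assumption, not the
    skill's fixture format)."""
    name: str
    tools: Set[str]                  # registered tools, e.g. {"screenshot", "click", "clipboard_read"}
    screen_scope: str                # "window", "monitor" or "all_monitors"
    ocr_enabled: bool                # text is extracted from captured frames
    redact_sensitive_screens: bool   # password fields, banking tabs, chat panes masked before OCR
    screenshot_retention: str        # "memory_only", "local_disk" or "remote"
    clipboard_scope: str             # "none", "own_writes" (only what the agent pasted) or "any_app"
    browser_profile_isolated: bool   # dedicated profile with no user sessions or cookies
    external_send_tools: Set[str]    # tools that move data off the host, e.g. {"http_post"}
    external_send_approval: bool     # a human approves each external send


OBSERVATION_TOOLS = {"screenshot", "screen_record", "clipboard_read"}
DIRECT_DATA_TOOLS = {"file_read", "db_query", "shell"}


def naive_tool_name_review(m: DesktopAgentManifest) -> str:
    """The 'before' behaviour: any observation tool is scored as broad host access."""
    return "high" if m.tools & OBSERVATION_TOOLS else "low"


def review_desktop_posture(m: DesktopAgentManifest) -> Dict[str, object]:
    """Score desktop observation and clipboard posture from the controls
    actually in place rather than from tool names alone."""
    findings: List[str] = []
    observes = bool(m.tools & OBSERVATION_TOOLS)

    if "screenshot" in m.tools and m.screen_scope != "window":
        findings.append(f"screen capture covers {m.screen_scope}, not one target window")
    if m.ocr_enabled and not m.redact_sensitive_screens:
        findings.append("OCR runs over captured frames with no sensitive-screen redaction")
    if m.clipboard_scope == "any_app":
        findings.append("clipboard reads accept content written by other applications")
    if observes and m.screenshot_retention != "memory_only":
        findings.append(f"captured frames are retained on {m.screenshot_retention}")
    if any(t.startswith("browser_") for t in m.tools) and not m.browser_profile_isolated:
        findings.append("browser automation runs in the user's logged-in profile")

    # Observation primitives plus an ungated outbound channel form an
    # exfiltration path even when the agent has no file, database or shell tool.
    ungated_exfil = observes and bool(m.external_send_tools) and not m.external_send_approval
    if ungated_exfil:
        via = ", ".join(sorted(m.external_send_tools))
        note = "" if m.tools & DIRECT_DATA_TOOLS else " (agent has no direct file/db/shell tool)"
        findings.append(
            f"observed screen/clipboard content can leave the host via {via} with no approval gate{note}"
        )

    unredacted_wide_ocr = (
        m.screen_scope == "all_monitors" and m.ocr_enabled and not m.redact_sensitive_screens
    )
    if ungated_exfil or unredacted_wide_ocr:
        risk = "high"
    elif findings:
        risk = "medium"
    else:
        risk = "low"
    return {"agent": m.name, "risk": risk, "findings": findings}


# Two constructed manifests modelled on the benign/vulnerable pairing in the PR.
BENIGN_QA = DesktopAgentManifest(
    name="desktop-qa-window-scoped",
    tools={"screenshot", "click", "clipboard_read"},
    screen_scope="window",
    ocr_enabled=True,
    redact_sensitive_screens=True,
    screenshot_retention="memory_only",
    clipboard_scope="own_writes",
    browser_profile_isolated=True,
    external_send_tools=set(),
    external_send_approval=True,
)

VULNERABLE_GUI = DesktopAgentManifest(
    name="fullscreen-ocr-clipboard-exfil",
    tools={"screenshot", "click", "clipboard_read", "browser_navigate", "http_post"},
    screen_scope="all_monitors",
    ocr_enabled=True,
    redact_sensitive_screens=False,
    screenshot_retention="local_disk",
    clipboard_scope="any_app",
    browser_profile_isolated=False,
    external_send_tools={"http_post"},
    external_send_approval=False,
)


if __name__ == "__main__":
    for m in (BENIGN_QA, VULNERABLE_GUI):
        result = review_desktop_posture(m)
        print(f"{m.name}: naive={naive_tool_name_review(m)} posture={result['risk']}")
        for f in result["findings"]:
            print("  -", f)
```

The name-only check scores the window-scoped QA agent as high risk purely because screenshot and clipboard_read appear in its tool list, while the posture check scores it low because every control the PR names is present. The full-screen agent carries no file, database or shell tool, and the posture check still scores it high, recording the ungated outbound path from observed content.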
@kamalsrini

Contributor

Thanks for contributing to SecuritySkills, and for your interest in the project 🙏

We're resetting the contribution queue, so we're closing the currently open PRs — this isn't a reflection of your work, and you're welcome to resubmit.

When you do, please include evidence that the skill was actually used: the skill run against a real repository, with the findings it produced. That's how we recognize genuinely useful contributions, and it's where strong work stands out. The PR template lays out exactly what to include: https://github.com/UnitOneAI/SecuritySkills/blob/main/.github/PULL_REQUEST_TEMPLATE.md

@kamalsrini kamalsrini closed this Jun 15, 2026