File Organization : This skill uses split structure. Main SKILL.md contains core decision-making context. See references/ for detailed implementations. 1. Overview Risk Level : HIGH - System-level access, process manipulation, input injection capabilities You are an expert in Windows UI Automation with deep expertise in: - UI Automation Framework : UIA patterns, control patterns, automation elements - Win32 API Integration : Window management, message passing, input simulation - Accessibility Services : Screen readers, assistive technology interfaces - Process Security : Safe automation boundaries, privi…

\n return bool(re.match(pattern, identifier))\n```\n\n### Property Value Sanitization\n```python\ndef sanitize_property_value(value: str, max_length: int = 1000) -> str:\n \"\"\"Sanitize property values before use.\"\"\"\n if not value:\n return ''\n\n # Truncate to max length\n value = value[:max_length]\n\n # Remove control characters\n value = ''.join(char for char in value if ord(char) >= 32 or char in '\\n\\r\\t')\n\n return value\n```\n\n---\n\n## Audit Logging Examples\n\n```python\nimport json\nimport logging\nfrom datetime import datetime\n\nclass UIAuditLogger:\n \"\"\"Comprehensive audit logging for UI Automation.\"\"\"\n\n def __init__(self):\n self.logger = logging.getLogger('uia.audit')\n self.logger.setLevel(logging.INFO)\n\n def log_operation(\n self,\n operation: str,\n target_process: str,\n target_element: str,\n permission_tier: str,\n success: bool,\n error: str = None\n ):\n \"\"\"Log automation operation.\"\"\"\n record = {\n 'timestamp': datetime.utcnow().isoformat(),\n 'event_type': 'uia_operation',\n 'operation': operation,\n 'target': {\n 'process': target_process,\n 'element': target_element,\n },\n 'context': {\n 'permission_tier': permission_tier,\n 'success': success,\n 'error': error,\n }\n }\n\n self.logger.info(json.dumps(record))\n\n def log_blocked_access(\n self,\n reason: str,\n target_process: str,\n operation: str\n ):\n \"\"\"Log blocked access attempt.\"\"\"\n record = {\n 'timestamp': datetime.utcnow().isoformat(),\n 'event_type': 'uia_blocked',\n 'reason': reason,\n 'target_process': target_process,\n 'attempted_operation': operation,\n }\n\n self.logger.warning(json.dumps(record))\n```\n","content_type":"text/markdown; charset=utf-8","language":"markdown","size":8573,"content_sha256":"a3ba4a15e3bfca4936eaee0ce1e4684219a3d7fcc2a8de87c4d394f6be9addf6"},{"filename":"references/threat-model.md","content":"# Windows UI Automation - Threat Model\n\n## Threat Model Overview\n\n**Domain Risk Level**: HIGH\n**Attack Surface**: 
System-wide window access, input injection, process interaction\n\n### Assets to Protect\n\n1. **User Credentials** - Sensitivity: CRITICAL\n - Passwords, tokens, API keys visible in application windows\n2. **Sensitive Data** - Sensitivity: HIGH\n - Financial data, personal information, business documents\n3. **System Integrity** - Sensitivity: CRITICAL\n - Prevention of unauthorized system changes via automation\n4. **User Privacy** - Sensitivity: HIGH\n - Screen content, application usage patterns\n\n### Threat Actors\n\n1. **Malware Authors** - Automated data theft via UIA\n2. **Malicious Insiders** - Abuse of automation privileges\n3. **Supply Chain Attackers** - Compromised automation libraries\n\n---\n\n## Attack Scenario 1: Privilege Escalation via UIA\n\n**Threat Category**: OWASP A01:2025 - Broken Access Control\n**Threat Level**: CRITICAL\n\n**Attack Description**: Attacker uses UI Automation to interact with elevated processes, gaining higher privileges.\n\n**Attack Flow**:\n```\n1. Attacker runs low-privilege automation client\n2. Enumerates windows to find elevated process (e.g., admin cmd)\n3. Uses UIA to send input to elevated window\n4. Executes commands with admin privileges\n5. 
Installs persistence, exfiltrates data\n```\n\n**Impact**:\n- **Confidentiality**: CRITICAL - Full system access\n- **Integrity**: CRITICAL - System modification\n- **Availability**: HIGH - System destruction possible\n\n**Mitigation**:\n```python\ndef block_elevation_crossing(source_pid: int, target_pid: int):\n \"\"\"Prevent automation across elevation boundaries.\"\"\"\n source_token = get_process_token(source_pid)\n target_token = get_process_token(target_pid)\n\n if is_elevated(target_token) and not is_elevated(source_token):\n raise SecurityError(\"Cannot automate elevated process from non-elevated context\")\n```\n\n---\n\n## Attack Scenario 2: Credential Theft via Screen Scraping\n\n**Threat Category**: OWASP A07:2025 - Authentication Failures\n**Threat Level**: CRITICAL\n\n**Attack Description**: Malware uses UIA to read password fields and credential dialogs.\n\n**Attack Flow**:\n```\n1. Monitor for password manager windows\n2. Use UIA to enumerate text elements\n3. Read password field values (if accessible)\n4. Capture Windows credential dialogs\n5. Exfiltrate credentials\n```\n\n**Mitigation**:\n```python\nCREDENTIAL_INDICATORS = [\n 'password', 'secret', 'pin', 'credential', 'token'\n]\n\ndef is_credential_element(element_name: str) -> bool:\n \"\"\"Detect and block access to credential elements.\"\"\"\n return any(ind in element_name.lower() for ind in CREDENTIAL_INDICATORS)\n\ndef get_element_value(element) -> str:\n if is_credential_element(element.name):\n audit_log('blocked_credential_access', element.name)\n raise SecurityError(\"Access to credential elements blocked\")\n return element.value\n```\n\n---\n\n## Attack Scenario 3: Input Injection to Bypass Security\n\n**Threat Category**: OWASP A05:2025 - Injection\n**Threat Level**: CRITICAL\n\n**Attack Description**: Automated input injection to approve security prompts without user consent.\n\n**Attack Flow**:\n```\n1. Malware triggers UAC prompt\n2. Uses SendInput to simulate Enter key\n3. 
UAC prompt approved without user\n4. Malware gains elevation\n```\n\n**Mitigation**:\n```python\nSECURITY_WINDOW_CLASSES = ['#32770', 'Credential Dialog Xaml Host']\n\ndef block_security_dialog_input(target_hwnd: int):\n \"\"\"Block input to security dialogs.\"\"\"\n class_name = get_window_class(target_hwnd)\n if class_name in SECURITY_WINDOW_CLASSES:\n raise SecurityError(\"Input to security dialogs blocked\")\n```\n\n---\n\n## Attack Scenario 4: Malicious Automation Library\n\n**Threat Category**: OWASP A03:2025 - Supply Chain Failures\n**Threat Level**: HIGH\n\n**Attack Description**: Compromised automation library (pywinauto, comtypes) executes malicious code.\n\n**Attack Flow**:\n```\n1. Attacker publishes trojanized pywinauto\n2. Developer installs malicious package\n3. Library exfiltrates automation targets\n4. Sensitive data stolen\n```\n\n**Mitigation**:\n- Pin dependency versions\n- Verify package hashes\n- Use private package registry\n- Regular security audits\n\n---\n\n## Attack Scenario 5: Runaway Automation DoS\n\n**Threat Category**: OWASP A10:2025 - Exceptional Conditions\n**Threat Level**: MEDIUM\n\n**Attack Description**: Automation without timeouts consumes resources or hangs system.\n\n**Attack Flow**:\n```\n1. Automation script enters infinite loop\n2. Continuous input injection\n3. System becomes unresponsive\n4. 
User locked out\n```\n\n**Mitigation**:\n```python\nimport time\n\n\nclass AutomationError(Exception):\n    \"\"\"Raised when an automation limit is exceeded.\"\"\"\n\n\nclass AutomationGuard:\n    \"\"\"Prevent runaway automation.\"\"\"\n\n    MAX_OPERATIONS = 1000\n    MAX_DURATION = 300  # seconds\n\n    def __init__(self):\n        self.operation_count = 0\n        self.start_time = time.time()\n\n    def check_limits(self):\n        \"\"\"Call once per automation operation; raises when a limit is exceeded.\"\"\"\n        self.operation_count += 1\n\n        if self.operation_count > self.MAX_OPERATIONS:\n            raise AutomationError(\"Operation limit exceeded\")\n\n        if time.time() - self.start_time > self.MAX_DURATION:\n            raise AutomationError(\"Duration limit exceeded\")\n```\n\n---\n\n## STRIDE Analysis\n\n| Category | Threats | Mitigations | Priority |\n|----------|---------|-------------|----------|\n| **Spoofing** | Fake process identity | Process hash verification, signature check | HIGH |\n| **Tampering** | Modify automation targets | Integrity checks, sandboxing | CRITICAL |\n| **Repudiation** | Deny automation actions | Immutable audit logs | HIGH |\n| **Information Disclosure** | Read sensitive UI content | Element blocklists, redaction | CRITICAL |\n| **Denial of Service** | Resource exhaustion | Timeouts, rate limits | MEDIUM |\n| **Elevation of Privilege** | Cross-elevation automation | Token validation, boundary checks | CRITICAL |\n\n---\n\n## Security Controls Summary\n\n### Preventive Controls\n- Process validation before automation\n- Blocked application list\n- Permission tier enforcement\n- Input rate limiting\n- Elevation boundary checks\n\n### Detective Controls\n- Comprehensive audit logging\n- Anomaly detection\n- Failed access attempt alerts\n- Resource usage monitoring\n\n### Corrective Controls\n- Automatic session termination on violations\n- Incident response procedures\n- Credential rotation after suspected compromise\n","content_type":"text/markdown; 
charset=utf-8","language":"markdown","size":6311,"content_sha256":"0c04cb58d33f7f898d64fea226a4e55228e10313633366d03b9509bc66edb2c2"}],"content_json":{"type":"doc","content":[{"type":"blockquote","content":[{"type":"paragraph","content":[{"text":"File Organization","type":"text","marks":[{"type":"strong"}]},{"text":": This skill uses split structure. Main SKILL.md contains core decision-making context. See ","type":"text"},{"text":"references/","type":"text","marks":[{"type":"code_inline"}]},{"text":" for detailed implementations.","type":"text"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"1. Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"Risk Level","type":"text","marks":[{"type":"strong"}]},{"text":": HIGH - System-level access, process manipulation, input injection capabilities","type":"text"}]},{"type":"paragraph","content":[{"text":"You are an expert in Windows UI Automation with deep expertise in:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"UI Automation Framework","type":"text","marks":[{"type":"strong"}]},{"text":": UIA patterns, control patterns, automation elements","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Win32 API Integration","type":"text","marks":[{"type":"strong"}]},{"text":": Window management, message passing, input simulation","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Accessibility Services","type":"text","marks":[{"type":"strong"}]},{"text":": Screen readers, assistive technology interfaces","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Process Security","type":"text","marks":[{"type":"strong"}]},{"text":": Safe automation boundaries, privilege management","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"You excel 
at:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Automating Windows desktop applications safely and reliably","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Implementing robust element discovery and interaction patterns","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Managing automation sessions with proper security controls","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Building accessible automation that respects system boundaries","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Core Expertise Areas","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"UI Automation APIs","type":"text","marks":[{"type":"strong"}]},{"text":": IUIAutomation, IUIAutomationElement, Control Patterns","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Win32 Integration","type":"text","marks":[{"type":"strong"}]},{"text":": SendInput, SetForegroundWindow, EnumWindows","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Security Controls","type":"text","marks":[{"type":"strong"}]},{"text":": Process validation, permission tiers, audit logging","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Error Handling","type":"text","marks":[{"type":"strong"}]},{"text":": Timeout management, element state verification","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Core Principles","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"TDD First","type":"text","marks":[{"type":"strong"}]},{"text":" - 
Write tests before implementation code","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Performance Aware","type":"text","marks":[{"type":"strong"}]},{"text":" - Optimize element discovery and caching","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Security First","type":"text","marks":[{"type":"strong"}]},{"text":" - Validate processes, enforce permissions, audit all operations","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Fail Safe","type":"text","marks":[{"type":"strong"}]},{"text":" - Timeouts, graceful degradation, proper cleanup","type":"text"}]}]}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"2. Core Responsibilities","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"2.1 Safe Automation Principles","type":"text"}]},{"type":"paragraph","content":[{"text":"When performing UI automation, you will:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Validate target processes","type":"text","marks":[{"type":"strong"}]},{"text":" before any interaction","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Enforce permission tiers","type":"text","marks":[{"type":"strong"}]},{"text":" (read-only, standard, elevated)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Block sensitive applications","type":"text","marks":[{"type":"strong"}]},{"text":" (password managers, security tools, admin consoles)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Log all operations","type":"text","marks":[{"type":"strong"}]},{"text":" for audit trails","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Implement 
timeouts","type":"text","marks":[{"type":"strong"}]},{"text":" to prevent runaway automation","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"2.2 Security-First Approach","type":"text"}]},{"type":"paragraph","content":[{"text":"Every automation operation MUST:","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Verify process identity and integrity","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Check against blocked application list","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Validate user authorization level","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Log operation with correlation ID","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Enforce timeout limits","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"2.3 Accessibility Compliance","type":"text"}]},{"type":"paragraph","content":[{"text":"All automation must:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Respect accessibility APIs and screen reader compatibility","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Not interfere with assistive technologies","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Maintain UI state consistency","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Handle focus management properly","type":"text"}]}]}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"3. 
Technical Foundation","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"3.1 Core Technologies","type":"text"}]},{"type":"paragraph","content":[{"text":"Primary Framework","type":"text","marks":[{"type":"strong"}]},{"text":": Windows UI Automation (UIA)","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Recommended","type":"text","marks":[{"type":"strong"}]},{"text":": Windows 10/11 with UIA v3","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Minimum","type":"text","marks":[{"type":"strong"}]},{"text":": Windows 7 with UIA v2","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Avoid","type":"text","marks":[{"type":"strong"}]},{"text":": Legacy MSAA-only approaches","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Key Dependencies","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":""},"content":[{"text":"UIAutomationClient.dll # Core UIA COM interfaces\nUIAutomationCore.dll # UIA runtime\nuser32.dll # Win32 input/window APIs\nkernel32.dll # Process management","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"3.2 Essential Libraries","type":"text"}]},{"type":"table","attrs":{"layout":null},"content":[{"type":"tr","content":[{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Library","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Purpose","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Security 
Notes","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"comtypes","type":"text","marks":[{"type":"code_inline"}]},{"text":" / ","type":"text"},{"text":"pywinauto","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Python UIA bindings","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Validate element access","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"UIAutomationClient","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":".NET UIA wrapper","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Use with restricted permissions","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Win32 API","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Low-level control","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Requires careful input validation","type":"text"}]}]}]}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"4. 
Implementation Patterns","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 1: Secure Element Discovery","type":"text"}]},{"type":"paragraph","content":[{"text":"When to use","type":"text","marks":[{"type":"strong"}]},{"text":": Finding UI elements for automation","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"python"},"content":[{"text":"import logging\nimport uuid\n\nfrom comtypes.client import GetModule, CreateObject\n\n# Generates comtypes.gen.UIAutomationClient: the CUIAutomation coclass, the\n# IUIAutomation interface and the property id / tree scope constants\nUIA = GetModule('UIAutomationCore.dll')\n\n\nclass SecurityError(Exception):\n    \"\"\"Raised when an operation is blocked by security policy.\"\"\"\n\n\nclass SecureUIAutomation:\n    \"\"\"Secure wrapper for UI Automation operations.\"\"\"\n\n    BLOCKED_PROCESSES = {\n        'keepass.exe', '1password.exe', 'lastpass.exe',  # Password managers\n        'mmc.exe', 'secpol.msc', 'gpedit.msc',  # Admin tools\n        'regedit.exe', 'cmd.exe', 'powershell.exe',  # System tools\n        'taskmgr.exe', 'procexp.exe',  # Process tools\n    }\n\n    def __init__(self, permission_tier: str = 'read-only'):\n        self.permission_tier = permission_tier\n        self.uia = CreateObject(UIA.CUIAutomation, interface=UIA.IUIAutomation)\n        self.logger = logging.getLogger('uia.security')\n        self.operation_timeout = 30  # seconds\n        # One correlation id per session so its audit records can be joined\n        self.correlation_id = uuid.uuid4().hex\n\n    def find_element(self, process_name: str, element_id: str):\n        \"\"\"Find element with security validation.\"\"\"\n        # Security check: blocked processes\n        if process_name.lower() in self.BLOCKED_PROCESSES:\n            self.logger.warning(\n                'blocked_process_access process=%s reason=%s',\n                process_name, 'security_policy'\n            )\n            raise SecurityError(f\"Access to {process_name} is blocked\")\n\n        # Find process window: top-level windows are direct children of the root\n        root = self.uia.GetRootElement()\n        condition = self.uia.CreatePropertyCondition(\n            UIA.UIA_NamePropertyId,\n            process_name\n        )\n\n        element = root.FindFirst(UIA.TreeScope_Children, condition)\n\n        if element:\n            self._audit_log('element_found', process_name, element_id)\n\n        return element\n\n    def _get_correlation_id(self) -> str:\n        \"\"\"Correlation id shared by every audit record of this session.\"\"\"\n        return self.correlation_id\n\n    def _audit_log(self, action: str, process: str, element: str):\n        \"\"\"Log operation for audit trail.\"\"\"\n        self.logger.info(\n            f'uia.{action}',\n            extra={\n                'process': process,\n                'element': element,\n                'permission_tier': self.permission_tier,\n                'correlation_id': self._get_correlation_id()\n            }\n        )","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 2: Safe Input Simulation","type":"text"}]},{"type":"paragraph","content":[{"text":"When to use","type":"text","marks":[{"type":"strong"}]},{"text":": Sending keyboard/mouse input to applications","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"python"},"content":[{"text":"import ctypes\nfrom ctypes import wintypes\nimport time\n\n\nclass AutomationError(Exception):\n    \"\"\"Raised when an automation step cannot be completed.\"\"\"\n\n\nclass RateLimitError(AutomationError):\n    \"\"\"Raised when the input rate limit is exceeded.\"\"\"\n\n\nclass SafeInputSimulator:\n    \"\"\"Input simulation with security controls.\"\"\"\n\n    # Blocked key combinations\n    BLOCKED_COMBINATIONS = [\n        ('ctrl', 'alt', 'delete'),\n        ('win', 'r'),  # Run dialog\n        ('win', 'x'),  # Power user menu\n    ]\n\n    def __init__(self, permission_tier: str):\n        if permission_tier == 'read-only':\n            raise PermissionError(\"Input simulation requires 'standard' or 'elevated' tier\")\n\n        self.permission_tier = permission_tier\n        self.rate_limit = 100  # max inputs per second\n        self._input_count = 0\n        self._last_reset = time.time()\n\n    def send_keys(self, keys: str, target_hwnd: int):\n        \"\"\"Send keystrokes with validation.\"\"\"\n        # Rate limiting\n        self._check_rate_limit()\n\n        # Validate target window\n        if not self._is_valid_target(target_hwnd):\n            raise SecurityError(\"Invalid target window\")\n\n        # Check for blocked combinations\n        if self._is_blocked_combination(keys):\n            raise SecurityError(f\"Key combination '{keys}' is blocked\")\n\n        # Ensure target has focus\n        if not self._safe_set_focus(target_hwnd):\n            raise AutomationError(\"Could not set focus to target\")\n\n        # Send input\n        self._send_input_safe(keys)\n\n    def _is_valid_target(self, hwnd: int) -> bool:\n        \"\"\"Accept only handles that refer to a live window.\"\"\"\n        return bool(ctypes.windll.user32.IsWindow(wintypes.HWND(hwnd)))\n\n    def _is_blocked_combination(self, keys: str) -> bool:\n        \"\"\"Compare a chord written as 'ctrl+alt+delete' against the blocklist.\"\"\"\n        pressed = {k.strip().lower() for k in keys.split('+')}\n        return any(set(combo) == pressed for combo in self.BLOCKED_COMBINATIONS)\n\n    def _check_rate_limit(self):\n        \"\"\"Prevent input flooding.\"\"\"\n        now = time.time()\n        if now - self._last_reset > 1.0:\n            self._input_count = 0\n            self._last_reset = now\n\n        self._input_count += 1\n        if self._input_count > self.rate_limit:\n            raise RateLimitError(\"Input rate limit
exceeded\")","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 3: Process Validation","type":"text"}]},{"type":"paragraph","content":[{"text":"When to use","type":"text","marks":[{"type":"strong"}]},{"text":": Before any automation interaction","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"python"},"content":[{"text":"import hashlib\n\nimport psutil\n\n\nclass ProcessValidator:\n    \"\"\"Validate processes before automation.\"\"\"\n\n    def __init__(self, blocked_processes=frozenset(), known_hashes=None):\n        # Share the blocklist with SecureUIAutomation; load hashes from secure config\n        self.blocked_processes = {name.lower() for name in blocked_processes}\n        self.known_hashes = known_hashes or {}\n\n    def validate_process(self, pid: int) -> bool:\n        \"\"\"Validate process identity and integrity.\"\"\"\n        try:\n            proc = psutil.Process(pid)\n\n            # Check process name against blocklist\n            if proc.name().lower() in self.blocked_processes:\n                return False\n\n            # Verify executable integrity (optional, HIGH security)\n            exe_path = proc.exe()\n            if not self._verify_integrity(exe_path):\n                return False\n\n            # Check process owner\n            if not self._check_owner(proc):\n                return False\n\n            return True\n\n        except (psutil.NoSuchProcess, psutil.AccessDenied):\n            # AccessDenied is what psutil raises for protected or elevated processes\n            return False\n\n    def _check_owner(self, proc: psutil.Process) -> bool:\n        \"\"\"Only automate processes owned by the same user as this client (assumed policy).\"\"\"\n        return proc.username() == psutil.Process().username()\n\n    def _verify_integrity(self, exe_path: str) -> bool:\n        \"\"\"Verify executable hash against known good values.\"\"\"\n        if exe_path not in self.known_hashes:\n            return True  # Skip if no hash available\n\n        with open(exe_path, 'rb') as f:\n            file_hash = hashlib.sha256(f.read()).hexdigest()\n\n        return file_hash == self.known_hashes[exe_path]","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 4: Timeout Enforcement","type":"text"}]},{"type":"paragraph","content":[{"text":"When to use","type":"text","marks":[{"type":"strong"}]},{"text":": All automation operations","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"python"},"content":[{"text":"from concurrent.futures import ThreadPoolExecutor\nfrom concurrent.futures import TimeoutError as FutureTimeoutError\n\n\nclass TimeoutManager:\n    \"\"\"Enforce operation timeouts.\n\n    signal.SIGALRM does not exist on Windows, so the operation runs in a\n    worker thread and the caller stops waiting once the limit is reached.\n    \"\"\"\n\n    DEFAULT_TIMEOUT = 30  # seconds\n    MAX_TIMEOUT = 300  # 5 minutes absolute max\n\n    def run(self, func, *args, seconds: int = DEFAULT_TIMEOUT, **kwargs):\n        \"\"\"Run func(*args, **kwargs) and fail if it exceeds the timeout.\"\"\"\n        if seconds > self.MAX_TIMEOUT:\n            seconds = self.MAX_TIMEOUT\n\n        # A worker that touches UIA COM objects must call comtypes.CoInitialize()\n        # first (pass it as the executor's initializer)\n        executor = ThreadPoolExecutor(max_workers=1)\n        future = executor.submit(func, *args, **kwargs)\n        try:\n            return future.result(timeout=seconds)\n        except FutureTimeoutError:\n            raise TimeoutError(f\"Operation timed out after {seconds}s\") from None\n        finally:\n            # Do not block on a hung worker; the caller tears down the session\n            executor.shutdown(wait=False)\n\n# Usage\ntimeout_mgr = TimeoutManager()\n\nelement = timeout_mgr.run(automation.find_element, 'notepad.exe', 'Edit1', seconds=10)","type":"text"}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"5. Security Standards","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"5.1 Critical Vulnerabilities (Top 5)","type":"text"}]},{"type":"paragraph","content":[{"text":"Research Date","type":"text","marks":[{"type":"strong"}]},{"text":": 2025-01-15","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"1. UI Automation Privilege Escalation (CVE-2023-28218)","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Severity","type":"text","marks":[{"type":"strong"}]},{"text":": HIGH","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]},{"text":": UIA can be abused to inject input into elevated processes","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Mitigation","type":"text","marks":[{"type":"strong"}]},{"text":": Validate process elevation level before interaction","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"2. 
SendInput Injection (CVE-2022-30190)","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Severity","type":"text","marks":[{"type":"strong"}]},{"text":": CRITICAL","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]},{"text":": Input injection to bypass security prompts","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Mitigation","type":"text","marks":[{"type":"strong"}]},{"text":": Block input to UAC dialogs, security prompts","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"3. Window Message Spoofing (CWE-290)","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Severity","type":"text","marks":[{"type":"strong"}]},{"text":": HIGH","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]},{"text":": Spoofed messages to privileged windows","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Mitigation","type":"text","marks":[{"type":"strong"}]},{"text":": Validate message origin, use UIPI","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"4. 
Process Token Theft (CVE-2021-1732)","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Severity","type":"text","marks":[{"type":"strong"}]},{"text":": CRITICAL","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]},{"text":": Win32k elevation via token manipulation","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Mitigation","type":"text","marks":[{"type":"strong"}]},{"text":": Run with minimum required privileges","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"5. Accessibility API Abuse (CWE-269)","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Severity","type":"text","marks":[{"type":"strong"}]},{"text":": HIGH","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]},{"text":": UIA used to access restricted content","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Mitigation","type":"text","marks":[{"type":"strong"}]},{"text":": Implement process blocklists, audit logging","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"For complete vulnerability analysis","type":"text","marks":[{"type":"strong"}]},{"text":": See ","type":"text"},{"text":"references/security-examples.md","type":"text","marks":[{"type":"code_inline"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"5.2 OWASP Top 10 2025 Mapping","type":"text"}]},{"type":"table","attrs":{"layout":null},"content":[{"type":"tr","content":[{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"OWASP 
ID","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Category","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Risk for UIA","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Mitigation","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"A01:2025","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Broken Access Control","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"CRITICAL","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Process validation, permission tiers","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"A02:2025","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Security Misconfiguration","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"HIGH","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Secure defaults, minimal 
privileges","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"A03:2025","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Supply Chain Failures","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"MEDIUM","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Verify Win32 API bindings","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"A05:2025","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Injection","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"CRITICAL","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Input validation, blocklists","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"A07:2025","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Authentication 
Failures","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"HIGH","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Process identity verification","type":"text"}]}]}]}]},{"type":"paragraph","content":[{"text":"For detailed OWASP guidance","type":"text","marks":[{"type":"strong"}]},{"text":": See ","type":"text"},{"text":"references/security-examples.md","type":"text","marks":[{"type":"code_inline"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"5.3 Permission Tier Model","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"python"},"content":[{"text":"PERMISSION_TIERS = {\n 'read-only': {\n 'allowed_operations': ['find_element', 'get_property', 'get_pattern'],\n 'blocked_operations': ['send_input', 'click', 'set_value'],\n 'timeout': 30,\n },\n 'standard': {\n 'allowed_operations': ['find_element', 'get_property', 'send_input', 'click'],\n 'blocked_operations': ['elevated_process_access', 'system_keys'],\n 'timeout': 60,\n },\n 'elevated': {\n 'allowed_operations': ['*'],\n 'blocked_operations': ['admin_tools', 'security_software'],\n 'timeout': 120,\n 'requires_approval': True,\n }\n}","type":"text"}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"6. 
Implementation Workflow (TDD)","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 1: Write Failing Test First","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"python"},"content":[{"text":"# tests/test_ui_automation.py\nimport pytest\nfrom unittest.mock import MagicMock, patch\n\n# Adjust to wherever the wrapper lives; the coverage target in Step 4 assumes src/automation\nfrom src.automation import RateLimitError, SecureUIAutomation, SecurityError\n\n\nclass TestSecureUIAutomation:\n    \"\"\"TDD tests for UI automation security.\"\"\"\n\n    def test_blocks_password_manager_access(self, automation):\n        \"\"\"Test that blocked processes are rejected.\"\"\"\n        with pytest.raises(SecurityError, match=\"blocked\"):\n            automation.find_element('keepass.exe', 'PasswordField')\n\n    def test_validates_process_before_input(self, automation):\n        \"\"\"Test process validation before any input.\"\"\"\n        with patch.object(automation, '_validate_process') as mock_validate:\n            mock_validate.return_value = False\n            with pytest.raises(SecurityError):\n                automation.send_keys('test', hwnd=12345)\n            mock_validate.assert_called_once()\n\n    def test_enforces_rate_limiting(self, input_simulator):\n        \"\"\"Test input rate limiting prevents flooding.\"\"\"\n        for _ in range(100):\n            input_simulator.send_keys('a', hwnd=12345)\n        with pytest.raises(RateLimitError):\n            input_simulator.send_keys('a', hwnd=12345)\n\n    def test_timeout_prevents_hanging(self, automation):\n        \"\"\"Test timeout enforcement on element search.\"\"\"\n        with pytest.raises(TimeoutError):\n            with automation.timeout(0.001):\n                automation.find_element('app.exe', 'NonExistent')\n\n\[email protected]\ndef automation():\n    return SecureUIAutomation(permission_tier='standard')\n\n\[email protected]\ndef input_simulator(automation):\n    # The same gate enforces the input rate limit, so the flooding test drives it directly\n    return automation","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 2: Implement Minimum to Pass","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"python"},"content":[{"text":"class SecurityError(Exception):\n    \"\"\"Raised when a policy check blocks an automation operation.\"\"\"\n\n\nclass SecureUIAutomation:\n    BLOCKED_PROCESSES = {'keepass.exe', '1password.exe'}\n\n    def find_element(self, process_name: str, element_id: str):\n        if process_name.lower() in self.BLOCKED_PROCESSES:\n            raise SecurityError(f\"Access to {process_name} is blocked\")\n        # Minimal implementation: the real element lookup is added in Step 3","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 3: Refactor with Full Patterns","type":"text"}]},{"type":"paragraph","content":[{"text":"Apply security patterns from Section 4 after tests pass.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 4: Run Full Verification","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Run all tests with coverage\npytest tests/test_ui_automation.py -v --cov=src/automation --cov-report=term-missing\n\n# Run security-specific tests\npytest tests/ -k \"security or blocked\" -v\n\n# Type checking\nmypy src/automation --strict","type":"text"}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"7. Performance Patterns","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 1: Element Caching","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"python"},"content":[{"text":"# BAD: Re-find element every operation\nfor i in range(100):\n    element = uia.find_element('app.exe', 'TextField')\n    element.send_keys(str(i))\n\n# GOOD: Cache element reference, but re-validate before each reuse: a stale\n# reference can point at a window that has since closed or been replaced\nelement = uia.find_element('app.exe', 'TextField')\nfor i in range(100):\n    if element.is_valid():\n        element.send_keys(str(i))\n    else:\n        element = uia.find_element('app.exe', 'TextField')","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 2: Scope Limiting","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"python"},"content":[{"text":"# BAD: Search from root every time\nroot = uia.GetRootElement()\nelement = root.FindFirst(TreeScope.Descendants, condition)  # Searches entire desktop\n\n# GOOD: Narrow search scope\napp_window = uia.find_window('notepad.exe')\nelement = app_window.FindFirst(TreeScope.Children, condition)  # Only 
direct children","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 3: Async Operations","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"python"},"content":[{"text":"# BAD: Blocking wait for element\nimport time\n\nwhile not element.is_enabled():\n    time.sleep(0.1)  # Blocks thread\n\n# GOOD: Async with timeout. The UIA property read itself is still a synchronous COM\n# call; run it in a thread executor if it can block for long.\nimport asyncio\n\nasync def wait_for_element(element, timeout=10):\n    loop = asyncio.get_running_loop()\n    start = loop.time()\n    while not element.is_enabled():\n        if loop.time() - start > timeout:\n            raise TimeoutError(\"Element not enabled\")\n        await asyncio.sleep(0.05)  # Non-blocking","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 4: COM Object Pooling","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"python"},"content":[{"text":"# BAD: Create new COM object per operation\nfrom comtypes.client import CreateObject\n\ndef find_element(name):\n    uia = CreateObject('UIAutomationClient.CUIAutomation')  # Expensive\n    return uia.GetRootElement().FindFirst(...)\n\n# GOOD: Reuse COM object. Caveat: a COM pointer is bound to the apartment that\n# created it, so initialize COM on every thread that uses the pool and do not\n# hand the instance across apartments without marshaling.\nimport threading\n\nclass UIAutomationPool:\n    _instance = None\n    _lock = threading.Lock()  # avoid two threads each creating an instance\n\n    @classmethod\n    def get_automation(cls):\n        with cls._lock:\n            if cls._instance is None:\n                cls._instance = CreateObject('UIAutomationClient.CUIAutomation')\n            return cls._instance","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 5: Condition Optimization","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"python"},"content":[{"text":"# BAD: Multiple sequential conditions (type_cond is built but never used, and the\n# first 'Submit'-named element wins even when it is not the button)\nname_cond = uia.CreatePropertyCondition(UIA_NamePropertyId, 'Submit')\ntype_cond = uia.CreatePropertyCondition(UIA_ControlTypePropertyId, UIA_ButtonControlTypeId)\nelement = root.FindFirst(TreeScope.Descendants, name_cond)\nif element is not None and element.CurrentControlType != UIA_ButtonControlTypeId:\n    element = None\n\n# GOOD: Combined condition for single search\nand_cond = uia.CreateAndCondition(\n    uia.CreatePropertyCondition(UIA_NamePropertyId, 'Submit'),\n    uia.CreatePropertyCondition(UIA_ControlTypePropertyId, UIA_ButtonControlTypeId)\n)\nelement = root.FindFirst(TreeScope.Descendants, and_cond)","type":"text"}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"8. Common Mistakes","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"8.1 Critical Security Anti-Patterns","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Never: Automate Without Process Validation","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"python"},"content":[{"text":"# BAD: No validation\nelement = uia.find_element_by_name('Password')\nelement.send_keys(password)\n\n# GOOD: Full validation\nif validator.validate_process(target_pid):\n    if automation.permission_tier != 'read-only':\n        element = automation.find_element(process_name, 'Password')\n        # Caveat: the pid checked above may no longer be the process behind this\n        # element; re-validate the element's owning process (UIA exposes its\n        # process id) immediately before sending input\n        element.send_keys(password)","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Never: Skip Timeout Enforcement","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"python"},"content":[{"text":"# BAD: No timeout\nelement = uia.find_element(condition)  # Could hang forever\n\n# GOOD: With timeout\nwith timeout_mgr.timeout(10):\n    element = uia.find_element(condition)","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Never: Allow System Key Combinations","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"python"},"content":[{"text":"# BAD: Allow any keys\ndef send_keys(keys):\n    SendInput(keys)\n\n# GOOD: Block dangerous combinations\ndef send_keys(keys):\n    if is_blocked_combination(keys):\n        raise SecurityError(\"Blocked key combination\")\n    SendInput(keys)","type":"text"}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"13. 
Pre-Implementation Checklist","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Phase 1: Before Writing Code","type":"text"}]},{"type":"checkbox_list","attrs":{"id":null},"content":[{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Read threat model in ","type":"text"},{"text":"references/threat-model.md","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Identify target processes and required permission tier","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Write failing tests for security requirements","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Write failing tests for expected functionality","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Define timeout limits for all operations","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Phase 2: During Implementation","type":"text"}]},{"type":"checkbox_list","attrs":{"id":null},"content":[{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Implement minimum code to pass security tests first","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Process validation for all target interactions","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Blocked application list configured","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Permission tier enforcement 
active","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Input rate limiting implemented","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Timeout enforcement on all operations","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Audit logging for all actions","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Phase 3: Before Committing","type":"text"}]},{"type":"checkbox_list","attrs":{"id":null},"content":[{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"All tests pass: ","type":"text"},{"text":"pytest tests/ -v","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Security tests pass: ","type":"text"},{"text":"pytest tests/ -k security","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Type checking passes: ","type":"text"},{"text":"mypy src/automation --strict","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"No hardcoded credentials or sensitive data","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Audit logs properly configured","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Performance targets met (element lookup \u003c100ms)","type":"text"}]}]}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"14. 
Summary","type":"text"}]},{"type":"paragraph","content":[{"text":"Your goal is to create Windows UI automation that is:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Secure","type":"text","marks":[{"type":"strong"}]},{"text":": Strict process validation, permission tiers, and audit logging","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Reliable","type":"text","marks":[{"type":"strong"}]},{"text":": Timeout enforcement, error handling, and state verification","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Accessible","type":"text","marks":[{"type":"strong"}]},{"text":": Respects accessibility APIs and assistive technologies","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"You understand that UI automation carries significant security risks. You balance automation power with strict controls, ensuring operations are logged, validated, and bounded.","type":"text"}]},{"type":"paragraph","content":[{"text":"Security Reminders","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Always validate target process identity","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Never automate blocked security applications","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Enforce timeouts on all operations","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Log every operation with correlation IDs","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Implement permission tiers appropriate to risk","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Automation should enhance 
productivity while maintaining system security boundaries.","type":"text"}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"References","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Advanced Patterns","type":"text","marks":[{"type":"strong"}]},{"text":": See ","type":"text"},{"text":"references/advanced-patterns.md","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Security Examples","type":"text","marks":[{"type":"strong"}]},{"text":": See ","type":"text"},{"text":"references/security-examples.md","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Threat Model","type":"text","marks":[{"type":"strong"}]},{"text":": See ","type":"text"},{"text":"references/threat-model.md","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"hr","attrs":{"markup":"---"}}]},"metadata":{"date":"2026-06-05","name":"windows-ui-automation","model":"sonnet","author":"@skillopedia","source":{"stars":38,"repo_name":"claude-skills-generator","origin_url":"https://github.com/martinholovsky/claude-skills-generator/blob/HEAD/skills/windows-ui-automation/SKILL.md","repo_owner":"martinholovsky","body_sha256":"12d77b1264d9d1373a4da82cd2b848df915d3217db4ee31a9beb74c9b45d6561","cluster_key":"596ca0e0a5f3ec69e714f4a9bed7dce5d554dacc25faf570f0a658e589a2a8d4","clean_bundle":{"format":"clean-skill-bundle-v1","source":"martinholovsky/claude-skills-generator/skills/windows-ui-automation/SKILL.md","attachments":[{"id":"3b044941-46c8-5198-9eb1-9c4c13735d9d","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/3b044941-46c8-5198-9eb1-9c4c13735d9d/attachment.md","path":"references/advanced-patterns.md","size":6819,"sha256":"2f75ef0ebe0567811b40c679b93cf8699802f2ad8fc1224de50bab5e57176fbe","contentType":"text/markdown; 
charset=utf-8"},{"id":"b80ce0bb-1bc5-5bb9-8bff-5edf5aef359b","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/b80ce0bb-1bc5-5bb9-8bff-5edf5aef359b/attachment.md","path":"references/security-examples.md","size":8573,"sha256":"a3ba4a15e3bfca4936eaee0ce1e4684219a3d7fcc2a8de87c4d394f6be9addf6","contentType":"text/markdown; charset=utf-8"},{"id":"d0757c37-679b-5df7-9972-2b16193bd09a","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/d0757c37-679b-5df7-9972-2b16193bd09a/attachment.md","path":"references/threat-model.md","size":6311,"sha256":"0c04cb58d33f7f898d64fea226a4e55228e10313633366d03b9509bc66edb2c2","contentType":"text/markdown; charset=utf-8"}],"bundle_sha256":"377f15ee1462316ee1de760ca7dd85c05c6047d9ae493000bafbf4060f3f17e8","attachment_count":3,"text_attachments":3,"attachment_storage":"skillopedia-attachments-v1","binary_attachments":0,"excluded_attachments":[]},"cluster_size":1,"skill_md_path":"skills/windows-ui-automation/SKILL.md","import_metadata":{"date":"2026-06-05","author":"@skillopedia","version":"v1","category":"security","category_label":"Security"},"exact_dupes_collapsed_into_this":0},"version":"v1","category":"security","import_tag":"clean-skills-v1","risk_level":"HIGH","description":"Expert in Windows UI Automation (UIA) and Win32 APIs for desktop automation. Specializes in accessible, secure automation of Windows applications including element discovery, input simulation, and process interaction. HIGH-RISK skill requiring strict security controls for system access."}},"renderedAt":1782987970730}
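Sections 5.3, 6 and 8.1 of the skill describe the policy gate (permission tiers, process blocklist, blocked key chords, input rate limiting, timeouts and audit records carrying a correlation ID) but never show one that runs end to end. The block below is an added example written for this page; it is not the skill's own code, and its constructor differs from the `SecureUIAutomation(permission_tier='standard')` used in the Section 6 tests. Everything Windows-specific is injected so it runs offline: `resolve_process` maps an hwnd to the owner's image name (in production that is `GetWindowThreadProcessId` followed by `QueryFullProcessImageName`), `locate` is the backend element search (an `IUIAutomation` `FindFirst` call in production), and the `sent` list stands in for `SendInput`. The tier values, the deny-list entries and the chord list are assumptions for illustration, not a vetted policy.

```python
import time
import uuid
from collections import deque
from contextlib import contextmanager
from typing import Any, Callable, Deque, Dict, Iterator, List, Optional

class SecurityError(Exception): """Raised when policy forbids an automation operation."""
class RateLimitError(SecurityError): """Raised when the input rate limit is exceeded."""

# Section 5.3 tiers reduced to the fields this gate enforces (values assumed).
PERMISSION_TIERS: Dict[str, Dict[str, Any]] = {
    "read-only": {"allowed": {"find_element", "get_property"}, "timeout": 30.0},
    "standard": {"allowed": {"find_element", "get_property", "send_input", "click"}, "timeout": 60.0},
}
# Hypothetical deny-list: password managers plus processes that own credential UI.
BLOCKED_PROCESSES = {"keepass.exe", "1password.exe", "consent.exe", "lsass.exe"}
# Chords that reach the secure desktop, lock screen or shell; blocked when every key is present.
BLOCKED_CHORDS = [frozenset({"ctrl", "alt", "del"}), frozenset({"ctrl", "shift", "esc"}),
                  frozenset({"win", "l"}), frozenset({"win", "r"})]

def parse_chord(keys: str) -> frozenset:
    """'Ctrl+Alt+Del' -> {'ctrl', 'alt', 'del'}; a bare '+' is the literal key."""
    if keys == "+":
        return frozenset({"+"})
    return frozenset(p.strip().lower() for p in keys.split("+") if p.strip())

def is_blocked_combination(keys: str) -> bool:
    return any(chord <= parse_chord(keys) for chord in BLOCKED_CHORDS)

class SecureUIAutomation:
    # resolve_process: hwnd -> owner image name (None if unknown); locate: backend element search.
    # Both are stand-ins for the Win32/UIA calls named in the lead-in; clock is injectable for tests.
    def __init__(self, permission_tier: str, resolve_process: Callable[[int], Optional[str]],
                 locate: Optional[Callable[[str, str], Optional[object]]] = None,
                 rate_limit: int = 100, rate_window: float = 1.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        if permission_tier not in PERMISSION_TIERS:
            raise ValueError(f"unknown permission tier {permission_tier!r}")
        self.permission_tier, self._tier = permission_tier, PERMISSION_TIERS[permission_tier]
        self._resolve, self._locate = resolve_process, locate or (lambda p, e: None)
        self._rate_limit, self._rate_window, self._clock = rate_limit, rate_window, clock
        self._events: Deque[float] = deque()        # timestamps of recent inputs (sliding window)
        self._deadline: Optional[float] = None      # set by the timeout() context manager
        self.correlation_id = uuid.uuid4().hex      # ties every audit record to this session
        self.sent: List[tuple] = []                 # stands in for SendInput / ValuePattern
        self.audit: List[Dict[str, Any]] = []

    def _log(self, **fields: Any) -> None:
        self.audit.append({"correlation_id": self.correlation_id, "t": self._clock(), **fields})

    def _check_operation(self, operation: str) -> None:
        if operation not in self._tier["allowed"]:
            self._log(event="blocked", op=operation, reason="tier")
            raise SecurityError(f"{operation} is not permitted in tier {self.permission_tier}")

    def _validate_process(self, hwnd: int) -> Optional[str]:
        """Owner image name if the window may be automated, else None (and an audit record)."""
        name = self._resolve(hwnd)
        if name is None or name.lower() in BLOCKED_PROCESSES:
            self._log(event="blocked", op="send_input", reason="process", hwnd=hwnd, process=name)
            return None
        return name

    def _check_rate(self) -> None:
        now = self._clock()
        while self._events and now - self._events[0] > self._rate_window:
            self._events.popleft()
        if len(self._events) >= self._rate_limit:
            raise RateLimitError(f"more than {self._rate_limit} inputs in {self._rate_window}s")
        self._events.append(now)

    @contextmanager
    def timeout(self, seconds: float) -> Iterator[None]:
        previous, self._deadline = self._deadline, self._clock() + seconds
        try:
            yield
        finally:
            self._deadline = previous

    def find_element(self, process_name: str, element_id: str) -> object:
        self._check_operation("find_element")
        if process_name.lower() in BLOCKED_PROCESSES:
            raise SecurityError(f"Access to {process_name} is blocked")
        deadline = self._deadline if self._deadline is not None else self._clock() + self._tier["timeout"]
        while (found := self._locate(process_name, element_id)) is None:
            remaining = deadline - self._clock()
            if remaining <= 0:
                raise TimeoutError(f"{element_id} not found in {process_name}")
            time.sleep(min(0.01, remaining))
        return found

    def send_keys(self, keys: str, hwnd: int) -> None:
        self._check_operation("send_input")
        process = self._validate_process(hwnd)          # checked on the hwnd about to be driven
        if not process:
            raise SecurityError(f"window {hwnd} failed process validation")
        if is_blocked_combination(keys):
            self._log(event="blocked", op="send_input", reason="chord", keys=keys)
            raise SecurityError("Blocked key combination")
        self._check_rate()
        self.sent.append((process, keys))
        self._log(event="ok", op="send_input", process=process, hwnd=hwnd)
```

Two design points are worth keeping when adapting this: the rate limiter and the deadline take an injectable clock, so the flooding and timeout tests in Section 6 run deterministically instead of sleeping, and `send_keys` validates the owning process of the hwnd it is about to drive immediately before input rather than trusting a process checked earlier. The order of checks (tier, process, chord, rate) also means a request that policy rejects is logged and refused before it consumes any rate budget.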
