chrome-automation
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes `pkill -f chrome` and `pkill -f chromium` (via shell or `child_process.execSync`) to manage system resources. These commands are documented as mandatory cleanup steps to prevent memory leaks and CPU exhaustion after automation tasks complete.
- [EXTERNAL_DOWNLOADS]: The skill references several well-known and trusted automation libraries, including Puppeteer, Playwright, Selenium, and Cypress. These are standard tools for the skill's stated purpose of web automation and testing.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it processes content from external URLs.
  - Ingestion points: `page.goto(url)` and data extraction via `page.$$eval` in `SKILL.md`.
  - Boundary markers: Absent.
  - Capability inventory: Shell command execution (`pkill`), file writing (`screenshot`, `pdf`, `trace.json`), and network navigation.
  - Sanitization: Not specified in the provided templates. This is a common characteristic of web scraping tools and does not escalate the verdict for this use case.
- [SAFE]: All file operations (saving screenshots and PDFs) and network requests are consistent with the intended functionality of a browser automation tool.
Audit Metadata