stagehand-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): The documentation describes functions (
act,extract) that interpret natural language to control a browser. This creates an attack surface for Indirect Prompt Injection. Evidence Chain: 1. Ingestion points: natural language strings inact()andextract()methods inapi-reference.md. 2. Boundary markers: None documented. 3. Capability inventory: Full browser manipulation (clicking, typing, navigation) and structured data extraction. 4. Sanitization: None specified in the reference documentation. - NO_CODE (SAFE): The skill package contains only Markdown reference documentation and troubleshooting guides; no executable code files (e.g., .js, .py, .sh) were provided in the analyzed content.
Audit Metadata