lightpanda-browser
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a technical manual for the Lightpanda project, providing legitimate usage examples and configuration details.
- [EXTERNAL_DOWNLOADS]: The installation section references binary downloads from the project's official GitHub repository, which is a well-known service.
- [COMMAND_EXECUTION]: Provides standard commands for system package installation and file permission management common in developer tools.
- [PROMPT_INJECTION]: The skill describes web scraping capabilities, which inherently involve an indirect prompt injection surface when processing untrusted web content.
- Ingestion points: Integration examples in SKILL.md using page.goto(), page.content(), and page.evaluate().
- Boundary markers: Absent; the provided code snippets do not include logic to delimit or ignore instructions found in scraped data.
- Capability inventory: SKILL.md documentation describes full CDP support, including navigation and JavaScript execution.
- Sanitization: Absent; the integration examples do not demonstrate sanitization or validation of the ingested HTML content.
Audit Metadata