wuying-browser-use
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection because it processes content from arbitrary websites.
  - Ingestion points: Web content retrieved via agent.browser.execute_task in scripts/browser-use.py.
  - Boundary markers: Absent; user instructions are passed directly to the browser agent without isolation from web content.
  - Capability inventory: Full browser control including navigation, form filling, and data extraction.
  - Sanitization: No sanitization or filtering of external web content is performed.
- Data Exposure (LOW): The script manages credentials by reading from and writing to ~/.config/agentbay/api_key. While functional for the tool, this involves access to a sensitive path in the user's home directory.
- External Downloads (LOW): The skill requires the installation of wuying-agentbay-sdk, which is an external dependency not included in the list of trusted repositories.