Skills
NYC
skills/aidotnet/moyucode/puppeteer/Gen Agent Trust Hub

puppeteer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill installs the puppeteer package via npm. The source repository is maintained by Google, a trusted organization, which downgrades the risk of the download itself per the [TRUST-SCOPE-RULE].
  • [COMMAND_EXECUTION] (LOW): The tool launches a Chromium browser process as a subprocess to perform automation tasks. This is the primary and expected behavior for this utility.
  • [PROMPT_INJECTION] (LOW): Identified a surface for Indirect Prompt Injection (Category 8) as follows:
  • Ingestion points: The skill navigates to external URLs (page.goto) and processes arbitrary HTML strings (page.setContent), which are untrusted data sources.
  • Boundary markers: Absent. No delimiters or instructions are provided to the agent to ignore instructions embedded within the fetched web content.
  • Capability inventory: The skill can write files to the disk (PDFs and screenshots), navigate the network, and execute JavaScript in the browser context via page.evaluate.
  • Sanitization: Absent. There is no evidence of content sanitization or filtering before the agent processes or returns the data from the page.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:42 PM