Skills
skills/aktsmm/agent-skills/browser-max-automation/Gen Agent Trust Hub

browser-max-automation

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs the use of npx @playwright/mcp@latest, which downloads the official Playwright Model Context Protocol server from the npm registry.
  • [COMMAND_EXECUTION]: The documentation provides PowerShell commands for users to launch browsers with remote debugging enabled via the --remote-debugging-port flag.
  • [REMOTE_CODE_EXECUTION]: The skill provides a browser_run_code command that allows the execution of arbitrary JavaScript within the browser context to perform complex automation.
  • [PROMPT_INJECTION]: The skill demonstrates an attack surface for indirect prompt injection.
  • Ingestion points: browser_snapshot and browser_navigate (SKILL.md) ingest external web content into the agent context.
  • Boundary markers: No delimiters or safety instructions are defined to separate skill instructions from potentially malicious content found on web pages.
  • Capability inventory: The skill possesses powerful interaction tools including browser_run_code, browser_click, and browser_type (SKILL.md).
  • Sanitization: No sanitization or filtering of the DOM or accessibility tree data is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 11:12 AM