lightpanda-browser
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches pre-compiled binary files from a remote third-party source.
- Evidence: SKILL.md contains curl commands targeting releases from the github.com/lightpanda-io/browser repository.
- [REMOTE_CODE_EXECUTION]: Downloads and executes code from an external repository.
- Evidence: The installation process involves downloading a binary file followed by `chmod a+x` and direct execution of the resulting file.
- [COMMAND_EXECUTION]: Utilizes superuser privileges for system-level operations.
- Evidence: The build-from-source instructions include `sudo apt install` for managing system dependencies.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection via untrusted web content ingestion.
- Ingestion points: The skill fetches and renders content from arbitrary URLs using `page.goto()` in SKILL.md.
- Boundary markers: Lacks specific delimiters or instructions to separate untrusted web content from system instructions.
- Capability inventory: Enables network interaction, file writing, and binary execution.
- Sanitization: No sanitization or filtering logic is detected for processing fetched HTML or text.
Recommendations
- AI detected serious security threats
Audit Metadata