web-browse
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill manages untrusted web content with clear boundary markers. Ingestion points include web content via goto, read, snapshot, and extract actions. Boundary markers are provided via an explicit warning section and [PAGE_CONTENT: ...] delimiters. Capability inventory includes local command execution via web-ctl.js and browser-level actions. Sanitization is handled through agent-directed instructions to ignore embedded commands.
- [DATA_EXFILTRATION]: File upload macros are restricted to safe directories such as /tmp and WEB_CTL_UPLOAD_DIR, preventing unauthorized access to sensitive system files.
- [COMMAND_EXECUTION]: The evaluate action allows for JavaScript execution within the isolated browser context, which is a standard and documented feature of the skill's automation capabilities.