browser-automation
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
agent-browserCLI tool to perform browser automation tasks, including navigation, element interaction, and JavaScript execution within the page context. - [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection. By allowing the agent to fetch and process content from external websites, there is a risk that malicious instructions embedded in those pages could influence the agent's subsequent actions.
- Ingestion points: Web content retrieved via
agent-browser navigate,snapshot, andexecutecommands (SKILL.md). - Boundary markers: None provided in the instructions to help the agent distinguish between untrusted web data and authoritative instructions.
- Capability inventory: The agent is granted access to sensitive tools such as
Bash,Read, andWrite(SKILL.md frontmatter). - Sanitization: The skill does not define any validation or sanitization logic for the data extracted from external URLs.
Audit Metadata