Skills
skills/aws-samples/sample-strands-agent-with-agentcore/browser-automation/Gen Agent Trust Hub

browser-automation

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for Indirect Prompt Injection (Category 8) due to its core functionality.
  • Ingestion points: Untrusted content is ingested into the agent context from external websites via the browser_navigate, browser_act, and browser_extract tools.
  • Boundary markers: The skill definition does not specify any delimiters or instructions for the agent to disregard potential instructions embedded within the fetched web content.
  • Capability inventory: The agent is granted capabilities to perform UI interactions (clicking, typing), extract structured data, and manage browser tabs, which could be misused if influenced by malicious web content.
  • Sanitization: There are no mechanisms defined to sanitize or filter the content retrieved from rendered pages before it is processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 01:02 AM