browser-workbench-setup
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands to install necessary dependencies and browser binaries using the repository's preferred package manager (e.g., bun, npm, pnpm) and tool-specific commands like 'agent-browser install' and 'playwright install'.\n- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of the 'playwright' package and the 'agent-browser' CLI from the official NPM registry and Vercel's GitHub repository, both of which are trusted sources.\n- [DATA_EXFILTRATION]: The skill reads repository environment variables and .env files to detect and configure authentication providers (e.g., Clerk, Auth0). It also handles browser session data (storageState). To mitigate data exposure, the skill explicitly directs the agent to add these files to the repository's .gitignore.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes repository files and external web content.\n
- Ingestion points: Repository configuration files and web content during automated browser sessions.\n
- Boundary markers: None identified to distinguish untrusted data within the instructions.\n
- Capability inventory: Full browser control, shell command execution, and file system access.\n
- Sanitization: No explicit sanitization of external content is specified.
Audit Metadata