browser-automation
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/form_automation_builder.py` tool generates Python scripts by interpolating form metadata (such as field names and labels) extracted from HTML files directly into dictionary literals within code templates. The absence of sanitization in this process allows for a code injection vulnerability. An attacker could craft a malicious HTML file with field names containing characters that break out of the string literal and inject arbitrary Python commands. If the resulting generated script is subsequently executed by a user, the injected code would run with the user's local privileges.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its reliance on untrusted external data (HTML files) to influence the logic of its generated outputs.
  - Ingestion points: The `form_automation_builder.py` script reads local HTML files provided via the `--html-file` argument.
  - Boundary markers: There are no markers or delimiters used to separate user-provided data from the executable code structure in the generation templates.
  - Capability inventory: The skill includes the ability to write generated files to the local filesystem.
  - Sanitization: No validation or escaping is applied to the data extracted from HTML before it is used in code generation.
Audit Metadata