Browser Automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The setup instructions require the agent to execute 'npm install', which downloads and installs external packages from the npm registry. These dependencies are executed on the host system and represent a supply chain risk.
- [Indirect Prompt Injection] (LOW): The skill is designed to interact with and extract data from external, untrusted websites via 'browser extract' and 'browser observe' commands. This creates a surface for indirect prompt injection where malicious instructions on a webpage could influence the agent's behavior. 1. Ingestion points: 'browser extract', 'browser observe', and visual screenshot analysis. 2. Boundary markers: No delimiters or warnings are used to isolate web content from agent instructions. 3. Capability inventory: The skill has access to the 'Bash' tool for execution. 4. Sanitization: No sanitization of extracted content is mentioned.
- [Command Execution] (LOW): The skill utilizes the 'Bash' tool to perform all browser operations and environment configuration (like 'npm link'), granting the agent significant system access.
Audit Metadata