browser-automation
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection because it ingests data from external websites that could contain malicious instructions.\n
- Ingestion points: The skill uses tools like
browser_snapshot,browser_get, andbrowser_networkto read data from web pages.\n - Boundary markers: No delimiters or instructions are used to distinguish between system prompts and untrusted web content.\n
- Capability inventory: The skill provides tools for network navigation (
browser_navigate), script execution (browser_evaluate), and form interaction (browser_fill,browser_click).\n - Sanitization: There is no evidence of sanitization for the data retrieved from external URLs.\n- [COMMAND_EXECUTION]: The
browser_evaluatetool allows the execution of arbitrary JavaScript. If the agent generates scripts based on content found on a website, it could lead to the execution of malicious code in the browser context.
Audit Metadata