browse
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of shell commands through the
browseandbbCLIs to perform browser actions and manage deployments. It also involves usingnpmandpnpmfor installing dependencies and initializing local projects. - [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of official packages from the NPM registry, specifically
@browserbasehq/browse-cliand@browserbasehq/sdk-functions. These are trusted resources belonging to the skill's author, Browserbase. - [PROMPT_INJECTION]: A potential surface for indirect prompt injection exists because the skill is designed to navigate to and extract data from arbitrary external websites.
- Ingestion points: Content enters the agent context via
browse open,browse snapshot, andpage.goto()calls which load remote web pages. - Boundary markers: Absent; the instructions do not specify delimiters or warnings to ignore instructions found within the scraped web content.
- Capability inventory: The agent has the ability to execute shell commands, perform network requests, and manage local files.
- Sanitization: No explicit sanitization or filtering of the ingested web content is described in the skill files.
Audit Metadata