browser
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions prompt the agent to install the 'browse' utility from the npm registry using 'npm install -g browse'. This is a recognized vendor resource intended for the skill's primary function.
- [COMMAND_EXECUTION]: The skill uses the 'browse' CLI to execute various browser commands, including navigation ('browse open'), interaction ('browse click', 'browse type'), and state management ('browse snapshot').
- [COMMAND_EXECUTION]: The 'browse eval' command enables the execution of JavaScript within the browser's context, which is a standard feature for advanced web automation but represents a dynamic execution surface.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its core functionality of ingesting external web content.
  - Ingestion points: Untrusted data enters the agent's context through 'browse snapshot', 'browse get text', and 'browse get html' as seen in REFERENCE.md.
  - Boundary markers: No explicit delimiters or 'ignore' instructions are provided to the agent for handling the scraped data.
  - Capability inventory: The agent possesses high capabilities, including full browser interaction, form submission, and JavaScript execution.
  - Sanitization: No specific sanitization or filtering of external content is documented within the skill files.