safe-browser

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE (tags: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill and the provided template script access and encourage copying environment configuration files from a hardcoded local path: ~/Developer/scratchpad/.env.
  • [COMMAND_EXECUTION]: Uses shell commands to install dependencies (npm install), install browser binaries (npx playwright install), and execute the demo application (node hn-scraper-demo.mjs).
  • [EXTERNAL_DOWNLOADS]: Fetches the @anthropic-ai/claude-agent-sdk library from a trusted source and the Playwright automation framework.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to ingest and process untrusted external content from Hacker News.
      • Ingestion points: Data is extracted from news.ycombinator.com via the extractFrontPage and extractComments functions in hn-scraper-demo.mjs.
      • Boundary markers: The safe_browser tool acts as a runtime boundary, restricting the agent to specific tool calls and enforcing a domain allowlist.
      • Capability inventory: The script utilizes Playwright and CDP for browser navigation, screenshot capture, and structured data extraction.
      • Sanitization: The skill implements hostname normalization and enforces a domain allowlist via CDP Fetch interception to prevent off-domain navigation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 10:44 PM