claude-browser
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: No malicious patterns, hardcoded credentials, or direct prompt injections were detected in the skill documentation.
- [NO_CODE]: The skill consists of documentation and interface definitions for existing MCP tools; no additional scripts or executable code are included in the package.
- [PROMPT_INJECTION]: The skill defines an interface that reads untrusted data from the web, creating a potential surface for indirect prompt injection. 1. Ingestion points: The
read_page,read_console_messages, andread_network_requeststools ingest content from external websites into the agent's context. 2. Boundary markers: No delimiters or explicit instructions to ignore instructions embedded in ingested content are present. 3. Capability inventory: The skill possesses high-privilege capabilities includingform_input,computer(mouse/keyboard simulation), andjavascript_tool(JS execution in-browser). 4. Sanitization: No sanitization or validation of ingested web content is described in the documentation.
Audit Metadata