corrinehu-kimi-searchzhihu
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npxto download and execute theagent-browserpackage from the public NPM registry. - [COMMAND_EXECUTION]: The skill executes multiple shell commands to control a headless or headed Chrome browser, manage authentication states, and take screenshots of the user's desktop environment or specific browser windows.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process content from Zhihu search results, which are untrusted external inputs.
- Ingestion points: Data enters the context through
npx agent-browser opencommands targeting Zhihu search result pages. - Boundary markers: No specific boundary markers or instructions to ignore embedded prompts are implemented in the search flow.
- Capability inventory: The skill possesses capabilities for browser interaction (fill, click), session management (clear, list), and file system writes (screenshots).
- Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the web before it is processed by the agent.
Audit Metadata