chrome-browser-automation
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks common to web-browsing agents.
- Ingestion points: The skill uses
get_page_textandread_page(documented inSKILL.mdandreferences/mcp-tool-reference.md) to extract content from arbitrary URLs. - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when the agent processes extracted web content.
- Capability inventory: The skill can read/write local files (e.g.,
contacts.csv,products.csv) and navigate to authenticated services. - Sanitization: No specific sanitization or filtering logic is defined for the data retrieved via the browser tools before it is interpreted by the LLM.
Audit Metadata