browser-agent

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates interaction with live web pages and reading of their content ('Read DOM', 'Read console'). This creates a surface for indirect prompt injection where malicious instructions embedded in a web page could attempt to influence the agent's behavior. Ingestion points: live web content (SKILL.md); Boundary markers: None; Capability inventory: click, type, execute JS, navigate (SKILL.md); Sanitization: None specified.
  • [COMMAND_EXECUTION]: Provides functionality to 'Execute JS' within the browser context. This capability is used for its primary purpose of UI verification and is accompanied by explicit safety instructions to limit operations to read-only actions and avoid mutating authentication states.
  • [EXTERNAL_DOWNLOADS]: Mentions installing a Chrome extension via the official Chrome Web Store. This is a standard prerequisite using a well-known, trusted service.
  • [DATA_EXFILTRATION]: The skill enables reading browser content and taking screenshots. It includes explicit warnings against using these features to exfiltrate cookies or authentication data, which acts as a policy-based mitigation against data exposure.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 02:06 PM