browser-automation
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and interact with data from external, untrusted web pages.
- Ingestion points: External web content is retrieved through
browser_query(usingtext,page_text, orlistmodes) andbrowser_snapshotas described in SKILL.md. - Boundary markers: The skill does not define explicit delimiters or instructions to treat browser-retrieved content as untrusted data rather than agent instructions.
- Capability inventory: The skill utilizes powerful primitives including
browser_navigate,browser_open_tab, and interaction tools like clicking, typing, and selecting elements based on queried data. - Sanitization: No sanitization, filtering, or validation of the content retrieved from the browser is mentioned in the workflow.
Audit Metadata