agentation-self-driving

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the agent-browser CLI tool to perform web automation tasks. It constructs and executes shell commands for opening URLs, taking snapshots, and simulating mouse interactions. These commands contain placeholders such as <url>, which could expose the skill to shell injection if the calling environment does not properly sanitize the values substituted into them.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it autonomously critiques and interacts with external web page content. A malicious actor could embed instructions within a page's HTML or metadata to influence the agent's behavior.
  • Ingestion points: Untrusted data is ingested from web pages via agent-browser snapshot -i and the results of agent-browser eval calls.
  • Boundary markers: No specific delimiters or "ignore instructions" warnings are utilized when the agent processes the retrieved page content.
  • Capability inventory: The skill has broad capabilities including full browser interaction (clicks, typing, navigation) and JavaScript execution via the agent-browser tool.
  • Sanitization: There is no evidence of sanitization or validation of the page content before it is processed by the agent to determine its next actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 06:38 AM