ce-test-browser
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands using git, gh, and the vendor-provided agent-browser CLI to manage test scope and automate browser interactions.
- [DATA_EXFILTRATION]: Accesses sensitive local environment files (.env, .env.local, .env.development) to identify the development server's port. While the extraction is targeted at the PORT variable, reading these files is a security-sensitive operation as they commonly contain credentials and secrets.
- [PROMPT_INJECTION]: Susceptible to indirect prompt injection as it processes and acts upon untrusted data from multiple sources. * Ingestion points: Processes rendered web content via agent-browser snapshot, GitHub pull request details, and local documentation files. * Boundary markers: None identified. There are no explicit instructions or delimiters to prevent the agent from following commands embedded in the processed data. * Capability inventory: The agent can perform complex browser-based interactions and execute filesystem commands based on its analysis of this data. * Sanitization: The skill lacks explicit sanitization or validation of the data ingested from the browser or local files before interpreting it.
Audit Metadata