test-browser
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill automatically installs the 'agent-browser' package globally via 'npm install -g agent-browser' if the command is not found on the system.
- [COMMAND_EXECUTION]: The skill executes shell commands using 'git', 'gh' (GitHub CLI), and 'grep' to determine test scope and environment settings, as well as invoking the 'agent-browser' utility for automation.
- [DATA_EXFILTRATION]: The skill accesses sensitive environment files ('.env', '.env.local', '.env.development') to extract the 'PORT' variable. While focused on a single variable, accessing environment files is a sensitive operation.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8).
- Ingestion points: Untrusted data enters the agent context through web pages processed by 'agent-browser open' and 'agent-browser snapshot', as well as pull request metadata retrieved via 'gh pr view'.
- Boundary markers: No explicit delimiters or instructions are used to separate untrusted web/PR content from the agent's instructions.
- Capability inventory: The skill possesses the ability to execute shell commands, install software, and interact with local network services.
- Sanitization: No sanitization or validation of content retrieved from external sources is performed before processing.
Audit Metadata