js-reverse-automation
Warn
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The script `scripts/JsEnv_Dev.js` implements a WebSocket-based RPC client that includes an `_execjs` action handler. This handler uses `eval()` to execute arbitrary JavaScript code received from the connected WebSocket server in the browser context.
- [DYNAMIC_EXECUTION]: The skill contains several Python generators, specifically `scripts/emit_flask_proxy.py` and `scripts/emit_jsrpc_stub.py`, which create new executable Python and JavaScript files at runtime based on the analysis of external websites.
- [COMMAND_EXECUTION]: The automation workflow relies on the `chrome-devtools-mcp` tool to programmatically control a web browser, allowing the agent to perform complex interactions with any user-provided URL.
- [OBFUSCATION]: The `references/antidebug/debugger-loop.md` documentation includes JavaScript snippets designed to overwrite `Function.prototype.toString`. This is a deceptive technique intended to hide the presence of security hooks and instrumentation from detection scripts running on the target website.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external websites which then influences the generation of local scripts and documentation.
  - Ingestion points: Browser DOM content and network traffic (XHR/Fetch) from user-supplied target URLs are analyzed.
  - Boundary markers: No specific delimiters or "ignore instructions" warnings were found in the prompt interpolation logic for analyzed data.
  - Capability inventory: The skill can control a browser, write files to the local filesystem, and execute generated code via a local Flask proxy.
  - Sanitization: While the skill performs input normalization on parameters, it lacks robust sanitization for the arbitrary JavaScript content it captures and processes during reverse engineering phases.
Audit Metadata