electron
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to launch desktop applications with the
--remote-debugging-portflag and to runagent-browsercommands. This is the intended functionality of the skill for controlling desktop apps. - [EXTERNAL_DOWNLOADS]: The allowed-tools list includes
npx agent-browser:*, which allows the agent to download and run theagent-browserpackage from the npm registry. - [PROMPT_INJECTION]: The skill is designed to ingest and process data from external applications which constitutes an indirect prompt injection attack surface.
- Ingestion points: Data is ingested from desktop applications using
agent-browser snapshot,get text, andtabcommands. - Boundary markers: There are no specific boundary markers or instructions to ignore embedded commands in the ingested data.
- Capability inventory: The skill allows Bash command execution and full interaction with desktop applications.
- Sanitization: No sanitization of ingested content is described in the skill instructions.
Audit Metadata