automating-browser

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external web pages and possesses powerful tools to act on that data.
  • Ingestion points: tabz/tabz_get_dom_tree, tabz/tabz_get_page_info, tabz/tabz_get_network_requests, and tabz/tabz_get_console_logs (documented in SKILL.md).
  • Boundary markers: The skill instructions do not specify any delimiters or safety warnings for handling embedded instructions within the ingested content.
  • Capability inventory: Includes the ability to execute arbitrary JavaScript (tabz_execute_script), simulate user interaction (tabz_click, tabz_fill), and download files to the system (tabz_download_file).
  • Sanitization: No evidence is provided that the browser output is sanitized or validated before being consumed by the agent.
  • [REMOTE_CODE_EXECUTION]: The skill includes a tool, tabz_execute_script, which allows the agent to run arbitrary JavaScript code within the browser session. While this is a standard feature for automation, it represents a dynamic code execution path.
  • [COMMAND_EXECUTION]: The skill operates by invoking mcp-cli to call various tools on the host system to perform browser management and interaction tasks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 04:34 AM