gologin-agent-browser-skill
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs browser operations by invoking the
gologin-agent-browserCLI, as specified in themanifest.jsonandtools.mdfiles. - [EXTERNAL_DOWNLOADS]: Installation instructions in
README.mddirect users to download thegologin-agent-browser-clifrom the NPM registry. This package is owned by the vendor GologinLabs. - [DATA_EXFILTRATION]: The
agent_browser_uploadtool enables the transfer of local files to a browser session. This intended functionality could be misused to exfiltrate sensitive files if the agent is directed to malicious sites. * Ingestion points: Content is ingested from external websites viaagent_browser_snapshot,agent_browser_get, andagent_browser_find. * Boundary markers: No delimiters or instructions to ignore embedded content were found. * Capability inventory: The skill can execute CLI commands and interact with the file system for uploads and downloads. * Sanitization: No explicit sanitization of untrusted web content is described in the skill metadata.
Audit Metadata