gologin-web-access-skill
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill is implemented as a wrapper for the
gologin-web-accessCLI tool, which is used to perform all web scraping and browser automation operations. This is the intended and documented architectural design. - [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing or running the
gologin-web-accessCLI via npm or npx. These resources are official vendor tools provided by the skill's author (gologinlabs) and are standard for this integration. - [DATA_EXPOSURE]: Tools such as
browser_cookies,browser_storage_export, andbrowser_screenshotallow the agent to retrieve sensitive session information, which is a core requirement for browser automation. Additionally,parse_documentallows for reading local files for analysis. - [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by processing untrusted data from external websites. Ingestion points:
read_page,scrape_url,scrape_markdown,scrape_text,scrape_json,batch_scrape,search_web,map_site,crawl_site, andparse_document. Boundary markers: None identified in the prompt templates. Capability inventory:browser_eval(JavaScript execution),browser_upload(file upload),browser_cookies,browser_storage_export, andparse_document(local file access). Sanitization: None explicitly implemented in the skill instructions. - [REMOTE_CODE_EXECUTION]: The
browser_evaltool enables the execution of arbitrary JavaScript within the browser context, and theworkflow_runtool executes multi-step JSON-based runbooks. These features are provided for advanced web interaction and are consistent with the tool's primary purpose.
Audit Metadata