Skills
skills/hixuanxuan/browser-automation/visual-issue-clarification/Gen Agent Trust Hub

visual-issue-clarification

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is browser automation and visual reporting. No malicious patterns such as data exfiltration, credential theft, or unauthorized persistence were detected.
  • [COMMAND_EXECUTION]: The skill uses Node.js scripts to interact with the Chrome DevTools Protocol. While it executes commands within the browser context, these are restricted to the local browser environment and are necessary for the skill's stated purpose of measuring DOM elements.
  • [DYNAMIC_EXECUTION]: The annotate.mjs script uses Runtime.evaluate to interact with the browser's DOM. The script includes an esc function to sanitize user-provided labels before they are injected into the page as SVG elements, mitigating potential DOM-based injection risks.
  • [EXTERNAL_DOWNLOADS]: The skill depends on the ws (WebSocket) Node.js package. The package-lock.json file confirms that this dependency is fetched from the official NPM registry.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 03:09 AM