cli-anything-browser
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@apireno/domshell` package via `npx` and a specific Chrome extension from the Web Store. These are external dependencies required for the tool to function but are not authored by the primary vendor.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing external web content.
  - Ingestion points: Data enters the agent context through commands like `fs ls`, `fs cat`, and `fs grep`, which read the accessibility tree of active web pages (SKILL.md).
  - Boundary markers: No specific boundary markers or instructions to treat page content as untrusted are provided to prevent the agent from obeying commands embedded in web pages.
  - Capability inventory: The skill possesses capabilities to interact with the web environment via `act click` and `act type`, which could be abused if the agent follows malicious instructions from a page (SKILL.md).
  - Sanitization: No sanitization or filtering of the content retrieved from web pages is described before it is presented to the agent.
- [DATA_EXFILTRATION]: While the skill does not perform exfiltration directly, the combination of reading arbitrary page content and the ability to interact with web forms creates a surface where an agent could be manipulated into extracting sensitive data from one site and submitting it to another.
Audit Metadata