browser-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process data from external, untrusted sources, which could contain malicious instructions meant to subvert the agent's behavior.
- Ingestion points: The skill uses
read_page,read_console_messages, andnavigatetools to pull data from external web pages, and examples show it reading from local files likecontacts.csv. - Boundary markers: There are no instructions or boundary markers (such as XML tags or explicit 'ignore instructions' warnings) to help the agent distinguish between its system instructions and the data it reads.
- Capability inventory: The agent has high-privilege capabilities, including full browser control via
computer(click, type, screenshot),form_inputfor data entry, and the ability to execute local bash scripts for network probing. - Sanitization: No sanitization, DOM filtering, or log scrubbing is performed before the external data is interpolated into the agent's context.
Audit Metadata