browser
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's primary execution mechanism involves generating temporary JavaScript files from agent-provided code and loading them dynamically using the `require()` function in `run.js` and `connect-local.js`.
- [EXTERNAL_DOWNLOADS]: The `runAccessibilityAudit` function in `lib/helpers.js` downloads the `axe-core` accessibility engine from a well-known CDN (cdnjs.cloudflare.com) at runtime.
- [COMMAND_EXECUTION]: The skill executes system commands for setup tasks (`npm install`, `npx playwright install`) and environment checks (`pgrep`, `tasklist`) using `child_process.execSync`.
- [DATA_EXFILTRATION]: The skill provides capabilities to upload local files, screenshots, and videos to external services such as Vimeo and Bunny Stream using user-configured API keys.
- [PROMPT_INJECTION]: Processing external web content via functions like `getPageStructure` introduces a risk of indirect prompt injection, where malicious instructions embedded in a webpage could influence agent behavior.
  - Ingestion points: External webpage content and ARIA snapshots processed in `lib/helpers.js` and `lib/local-browser.js`.
  - Boundary markers: None identified in the logic that interpolates or processes webpage text.
  - Capability inventory: Includes arbitrary script execution, network requests, and file system operations.
  - Sanitization: No specific sanitization or instruction-filtering is applied to external web content before it is presented to the agent.
Audit Metadata