Browser Automation
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill accepts 'Scripts' as an input and demonstrates the use of JavaScript for browser automation tasks. Execution of these scripts can lead to unauthorized actions within the automated browser session.
- [EXTERNAL_DOWNLOADS]: The capability to navigate to arbitrary URLs involves fetching data from remote, potentially untrusted sources.
- [PROMPT_INJECTION]: By processing data and scraping content from external websites, the skill is susceptible to indirect prompt injection. Malicious instructions hidden on a web page could attempt to manipulate the agent's subsequent actions.
- Ingestion points: URLs and content scraped via selectors (SKILL.md).
- Boundary markers: None identified in the skill definition to isolate scraped content from instructions.
- Capability inventory: Includes navigation, element interaction (click, type), and screenshot tools (SKILL.md).
- Sanitization: No explicit sanitization or filtering of external content is defined.
Audit Metadata