mcp-browser-verify
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill's primary function is to interact with external, potentially untrusted web content, which presents a surface for indirect prompt injection attacks.
- Ingestion points: External URLs accessed via MCP browser automation tools as defined in the procedure section of
SKILL.md. - Boundary markers: Absent. The skill does not provide delimiters or instructions to the agent to ignore malicious prompts embedded within the HTML or UI of the target applications.
- Capability inventory: The agent can navigate, interact with web elements, capture screenshots, and read console/network logs via the allowed MCP tools.
- Sanitization: Absent. There is no evidence of content sanitization or validation of the data retrieved from the browser before it is processed by the agent.
- Data Exposure (SAFE): The skill mentions the use of credentials in its procedure but does not contain hardcoded secrets or API keys.
- External Dependencies (SAFE): The skill references standard MCP browser tools (Playwright/Browser-Use) but does not perform any unauthorized downloads or package installations.
Audit Metadata