chrome
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the user to install
puppeteerandplaywright. These are well-known packages maintained by trusted organizations (Google and Microsoft respectively), which downgrades the severity per the trust rules. - [COMMAND_EXECUTION] (LOW): Provides instructions for executing shell commands such as
npm installandnode script.jsto facilitate the browser automation environment. - [DATA_EXFILTRATION] (LOW): The skill provides patterns for capturing screenshots (
page.screenshot) and extracting page data (page.content(),page.textContent()). While these are intended primary functions, they present a risk surface for data leakage if used on sensitive or untrusted pages. - [PROMPT_INJECTION] (LOW): This skill exposes a surface for Indirect Prompt Injection (Category 8). An attacker-controlled website could include instructions intended to hijack the agent's behavior when the agent processes the page content.
- Ingestion points: Untrusted web content enters the agent context through
page.goto(),page.content(), andpage.textContent(). - Boundary markers: Absent. The snippets do not demonstrate use of delimiters to separate web data from agent instructions.
- Capability inventory: Full browser automation, network access, and JavaScript execution in the browser context via
page.evaluate(). - Sanitization: Absent. The skill does not provide methods for sanitizing or validating extracted web content.
Audit Metadata