browser-debug
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface via browser logs.
- Ingestion points: The skill is designed to capture untrusted data from browser console messages, network request/response headers, and performance traces (SKILL.md).
- Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions when passing captured logs to the LLM for analysis.
- Capability inventory: Captured data is written to the local file system (SKILL.md) and potentially processed by subsequent debugging skills like 'console-debugging' or 'network-inspection'.
- Sanitization: While the skill provides a mechanism for redacting sensitive patterns, it does not implement sanitization to prevent instructions embedded in logs from influencing the agent's behavior.
- [DATA_EXFILTRATION]: Exposure of sensitive browser data.
- The tool captures detailed network activity, including full request and response data (headers and bodies) into files like
network-detail.json. This data frequently contains authentication tokens, session cookies, and personally identifiable information (PII). - Although the skill includes a troubleshooting section advising on redaction and the ability to disable body capture, the inherent capability to record and store raw browser traffic represents a significant data exposure risk if the logs are processed by external tools or shared.
Audit Metadata