skills/juanibiapina/browse-cli/browse/Gen Agent Trust Hub

browse

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to visit and process untrusted content from the web, creating a massive attack surface for indirect injections.
      • Ingestion points: page.read, page.text, network.body, and console as seen in SKILL.md.
      • Boundary markers: None. The skill does not implement delimiters or warnings to ignore instructions within page content.
      • Capability inventory: js (JavaScript execution), upload (local file read), cookies (session theft), and navigate (redirection).
      • Sanitization: None. Data from the browser is passed directly to the agent context.
  • [Command Execution] (HIGH): The js and frame.js commands allow for the execution of arbitrary JavaScript code within the browser context, which can be used to bypass security controls or steal data.
  • [Data Exfiltration] (HIGH): The skill exposes sensitive user information through cookies, history, and screenshot commands. The upload command can be used to access local files, which could then be exfiltrated via navigation to an attacker-controlled site.
  • [External Downloads] (MEDIUM): Automated scanners flagged other-page.com and wait.net as malicious. other-page.com is explicitly used in the skill's navigation examples, posing a risk if followed by the agent.
Recommendations
  • AI detected serious security threats
  • Contains 3 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:48 AM