browser-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs users to install a plugin from an unverified GitHub repository (sawyerhood/dev-browser). This source is not included in the list of trusted organizations or repositories, posing a risk of installing malicious or unvetted code.
- [COMMAND_EXECUTION] (MEDIUM): The skill provides explicit instructions to execute plugin installation commands (/plugin marketplace add...) for an unverified external source.
- [PROMPT_INJECTION] (LOW): The skill is inherently vulnerable to Indirect Prompt Injection (Category 8) due to its core functionality.
  - Ingestion points: Untrusted data enters the agent context via browser_snapshot and browser_take_screenshot (SKILL.md).
  - Boundary markers: Absent. There are no instructions to the agent to ignore or delimit embedded instructions within the page content.
  - Capability inventory: The agent has a wide range of interactive capabilities including browser_click, browser_type, browser_fill_form, and browser_press_key across all sections of the skill.
  - Sanitization: Absent. The skill provides no guidance on escaping or validating external web content before the agent interacts with it.
Audit Metadata