kernel-browser-pools
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill interacts with the kernel CLI to perform browser pool operations. These are necessary subprocess calls for the skill's stated purpose of browser management.
- [REMOTE_CODE_EXECUTION] (HIGH): The command 'kernel browsers playwright execute' enables the execution of arbitrary JavaScript within the browser. This capability is high-risk if the scripts or the data they process are influenced by untrusted external sources.
- [PROMPT_INJECTION] (HIGH): The skill has a large attack surface for indirect prompt injection. 1. Ingestion points: Untrusted data enters the context when the browser navigates to external websites via 'page.goto'. 2. Boundary markers: There are no delimiters or instructions provided to the agent to ignore instructions embedded in the external content. 3. Capability inventory: The skill provides arbitrary code execution ('playwright execute') and full network access through the browser. 4. Sanitization: There is no evidence of sanitization or filtering for the external web content before it is processed by the agent's browser automation.
Recommendations
- AI detected serious security threats
Audit Metadata