kernel-computer-controls
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill documents the use of the
kernelCLI for system-level interactions. While these capabilities (simulating human input, taking screenshots) are powerful, they are consistent with the skill's stated purpose for browser automation and testing. - INDIRECT_PROMPT_INJECTION (LOW): Like all browser automation tools, this skill has a surface for indirect prompt injection if the agent interacts with malicious websites that contain instructions designed to trick the AI into performing unauthorized actions via the computer control tools.
- Ingestion points: Untrusted web content accessed through the browser VM (e.g., via
page.goto). - Boundary markers: None are defined in the provided command examples.
- Capability inventory: Full OS-level mouse and keyboard control (
click-mouse,type,press-key) and shell execution via thekernelCLI. - Sanitization: No sanitization or input validation logic is present in the documentation samples.
Audit Metadata