robotframework-browser-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Dynamic Execution (LOW): The skill documents keywords like 'Evaluate JavaScript' and the 'validate' assertion operator (which uses Python expressions). While these are standard library features for browser automation, they involve executing code alongside potentially untrusted web data.
- Indirect Prompt Injection (LOW):
  - Ingestion points: Web page content accessed via keywords like 'Get Text' and 'Get Attribute' in 'SKILL.md' and 'references/locators.md'.
  - Boundary markers: None specified in the documentation to delimit untrusted web content from agent instructions.
  - Capability inventory: Extensive capabilities including browser manipulation, file system writes ('Save Storage State'), and file operations ('Download', 'Upload File By Selector').
  - Sanitization: No explicit sanitization or escaping of web content is mentioned before the data is processed by the agent.
- External Downloads (SAFE): The 'rfbrowser init' command is documented as the installation step that downloads the necessary browser binaries (Playwright). This is an expected and standard procedure for this library.
Audit Metadata