browser-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill implements browser automation and data scraping, which creates a surface for indirect prompt injection attacks.
  1. Ingestion points: Scraping occurs in SearchPage.get_results within references/advanced-patterns.md and cookie extraction in CookieManager within references/security-examples.md.
  2. Boundary markers: Absent. The skill does not wrap ingested data in delimiters or provide instructions to the agent to ignore instructions embedded in the external content.
  3. Capability inventory: Full browser automation via Playwright, including navigation, element interaction, and network request interception.
  4. Sanitization: Partially present through _safe_fill (blocks password field interaction) and validate_domain (implements allowlisting/blocklisting).
- SAFE (SAFE): An automated scanner flagged the domain browser.se. After analysis, this appears to be a false positive triggered by the logging namespace 'browser.audit' in references/security-examples.md, as the domain does not appear in the skill source code.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata