browse-ai
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the extraction of structured data from external websites, which introduces a surface for indirect prompt injection where instructions embedded in scraped content could influence agent behavior.
- Ingestion points: Website data retrieved via
RunExtraction,RunTask, andGetTaskactions in SKILL.md. - Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when handling scraped data.
- Capability inventory: The skill allows the agent to execute shell commands via the Membrane CLI (
membrane action run,membrane request) and perform network operations. - Sanitization: No explicit sanitization or content validation of the scraped data is mentioned in the skill body.
- [EXTERNAL_DOWNLOADS]: The skill identifies the installation of a command-line utility from the vendor as a prerequisite for managing the integration.
- Evidence: Recommends global installation of the
@membranehq/clipackage via npm in SKILL.md.
Audit Metadata