Skills
skills/memtensor/memos/dev-browser/Gen Agent Trust Hub

dev-browser

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill requires the agent to generate and run arbitrary TypeScript scripts, granting it significant control over the host environment.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill uses an aliased, non-standard version of Playwright (rebrowser-playwright) and automatically downloads browser binaries via the command line.
  • COMMAND_EXECUTION (MEDIUM): Server scripts use execSync to run lsof and kill -9 to manage active network ports.
  • DATA_EXFILTRATION (LOW): The skill scrapes web data and stores persistent browser profiles (containing cookies) in user directories.
  • INDIRECT_PROMPT_INJECTION (LOW): Ingests untrusted web content via getAISnapshot and page.goto without sanitization or boundary markers, creating a surface for instructions hidden in websites to influence agent behavior. Capability inventory includes script execution and network access.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:06 PM