Electrobun Platform
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The documentation provides an example configuration for `chromiumFlags` that includes `'disable-web-security': true`. This flag disables the Same-Origin Policy (SOP), which is a fundamental security mechanism in web environments. Disabling it can lead to Cross-Site Scripting (XSS) and data exfiltration if the application loads untrusted content.
- [COMMAND_EXECUTION]: The skill provides instructions for users to run `xattr -cr` on macOS. This command removes extended attributes from a file, effectively bypassing macOS Gatekeeper's quarantine flag for unsigned or unnotarized applications, which is a common technique for executing untrusted binaries.
- [PROMPT_INJECTION]: The skill describes handling deep links via the `open-url` event, which represents an indirect prompt injection surface.
  - Ingestion points: The `open-url` event handler in `SKILL.md` receives external URL strings from the operating system.
  - Boundary markers: The documentation recommends using `setNavigationRules` to allowlist targets, but the code examples do not explicitly demonstrate prompt-level boundaries or "ignore instructions" warnings.
  - Capability inventory: The Electrobun framework allows for window management, RPC calls, and file system access (through `views://` and `file://` protocols).
  - Sanitization: The skill includes a 'Security Checklist' that specifically recommends routing data through RPC with validation and using navigation rules to mitigate risks from untrusted URLs.
Audit Metadata