electron
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection when interacting with apps like Slack, Discord, or Notion that contain untrusted content. Ingestion points: Application UI content retrieved via
agent-browser snapshotandget text. Boundary markers: None present. Capability inventory:agent-browsertools for clicking, typing, and navigating within apps. Sanitization: No content sanitization is performed on ingested data. - [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to launch native applications with the
--remote-debugging-portflag enabled, which allows external control of the application. - [EXTERNAL_DOWNLOADS]: Facilitates the use of the
agent-browsertool, which is retrieved from the well-known NPM registry vianpx.
Audit Metadata