agent-browser

Fail

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation recommends installing the 'infsh' CLI tool using 'curl -fsSL https://cli.inference.sh | sh'. This pattern executes a remote script directly in the shell without prior verification of the content.
  • [COMMAND_EXECUTION]: The skill includes an 'execute' function that allows the agent to run arbitrary JavaScript code within the browser session. If an agent processes untrusted input to generate this code, it could lead to malicious actions within the browser context.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from the web.
      • Ingestion points: The 'open' and 'snapshot' functions fetch and process content from external URLs provided at runtime.
      • Boundary markers: There are no visible boundary markers or instructions to ignore embedded commands in the processed web content.
      • Capability inventory: The skill can execute JavaScript, upload files, and perform complex interactions (click, fill, drag) on any webpage.
      • Sanitization: No sanitization or filtering of the retrieved page content is described before the data is returned to the agent's context.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 2, 2026, 09:24 AM