browse-now
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
browse-nowCLI, which is a tool provided by the vendornowledge-co, to perform browser actions like navigating, clicking, and filling forms. - [DATA_EXFILTRATION]: The skill can capture screenshots and extract page text from the user's browser session. These capabilities are intended for its stated purpose of browser automation and information retrieval.
- [PROMPT_INJECTION]: An indirect prompt injection surface is identified where untrusted data enters the agent context via
browse-now get page-textandsnapshot -i(ingestion points in SKILL.md). The skill lacks explicit boundary markers or sanitization instructions to prevent the agent from being influenced by instructions embedded in the web content it processes. The skill possesses significant interaction capabilities through thebrowse-nowCLI (capability inventory in SKILL.md). - [SAFE]: No patterns of direct prompt injection, malicious obfuscation, or unauthorized remote code execution were found. The skill operates in a local-only context as specified.
Audit Metadata