browser-booking-agent
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to navigate external websites and interact with search/booking forms, which introduces a risk of processing untrusted instructions embedded in third-party content.
- Ingestion points: External web pages and search results accessed during the booking flow (SKILL.md).
- Boundary markers: None defined in the provided markdown instructions to separate user intent from untrusted web data.
- Capability inventory: Browser navigation, automated form completion, and screenshot capture for verification.
- Sanitization: No evidence of input validation or content filtering for data retrieved from the browser.
- [SAFE]: No malicious code, hardcoded credentials, or unauthorized network operations were detected in the provided documentation and metadata. The reference to the 'openclaw' GitHub repository is recognized as a vendor-owned resource.
Audit Metadata