stealth-browser
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on
distrobox-enterto execute shell commands and Python scripts (camoufox-fetch.py,curl-api.py,camoufox-session.py) within a containerized environment. - [EXTERNAL_DOWNLOADS]: The skill instructs the installation of third-party packages
camoufoxandcurl_cffiviapip. It also notes thatcamoufoxwill automatically download a ~700MB Firefox binary fork upon its first execution. - [PROMPT_INJECTION]: The skill is designed to fetch raw content (HTML, text, and screenshots) from external, untrusted websites such as Airbnb and Yelp. This creates a significant surface for indirect prompt injection, where malicious instructions embedded in the scraped data could influence the agent's subsequent actions.
- [COMMAND_EXECUTION]: The troubleshooting documentation suggests the use of
sudo dnf installto resolve library dependencies, which involves privilege escalation. - [DATA_EXFILTRATION]: While focusing on browser profiles, the skill handles sensitive session data and cookies stored in
~/.stealth-browser/. Although it recommends restrictive file permissions (chmod 700), these files represent sensitive credentials that could be exposed if the filesystem is compromised.
Audit Metadata