tor-browser
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The setup instructions recommend the use of sudo for installing the Tor service and managing its lifecycle on the host system.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing untrusted data from the web.
- Ingestion points: The skill retrieves content from external web sources (including .onion sites) via the navigate and get_snapshot methods in scripts/tor-browser.py.
- Boundary markers: Extracted content is not wrapped in specific markers or accompanied by warnings to ignore instructions embedded in the data.
- Capability inventory: The script allows for browser interactions like clicking and form filling, which could be manipulated by malicious web content.
- Sanitization: There is no evidence of sanitization or filtering of the text and element metadata extracted from web pages.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of browser binaries from the official Playwright repository managed by Microsoft during the environment setup process.
Audit Metadata