oxylabs-unblocking-browser
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface detected. The skill ingests untrusted data from external websites which could contain adversarial instructions designed to influence the agent's behavior.
  - Ingestion points: Usage of `page.content()`, `page.title()`, and `page.$$eval()` in `SKILL.md` and `examples.md` to retrieve remote web data.
  - Boundary markers: Absent. The code does not implement delimiters or system-level instructions to treat the ingested web content as untrusted data.
  - Capability inventory: Remote network access (via CDP), local file system writes (for screenshots and PDFs), and automated browser interactions (fill, click).
  - Sanitization: Absent. Data from external pages is returned to the agent without filtering or sanitization.
- [DATA_EXFILTRATION] (LOW): The skill initiates network connections to `ubc.oxylabs.io`. While this is the intended functionality of the service, the domain is not on the pre-approved whitelist for exfiltration analysis.
- [CREDENTIALS_UNSAFE] (SAFE): Authentication credentials (`OXY_UNBLOCKER_USERNAME`, `OXY_UNBLOCKER_PASSWORD`) are correctly handled through environment variables rather than hardcoded strings.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill depends on well-known, established libraries (`playwright` and `puppeteer`) for browser automation, which are considered low-risk dependencies when used as intended.