paw-mkt-cro
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the agent-browser tool from the vercel-labs GitHub repository, which is a verified and trusted source.
- [COMMAND_EXECUTION]: It executes the agent-browser CLI for website audits and runs local shell scripts (tool-discovery.sh, chrome-profiles.sh) to manage the environment and browser profiles.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted data from live websites. 1. Ingestion points: Live URL content retrieved via agent-browser during audits. 2. Boundary markers: No explicit delimiters or instructions are provided to ignore embedded content in retrieved web data. 3. Capability inventory: Includes file system writes to project directories and the ability to execute CLI commands. 4. Sanitization: No specific validation or escaping of external content is described before it is analyzed by the agent.
Audit Metadata