aios-project-system
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to utilize repository-local scripts (e.g., scripts/run-browser-use-mcp.sh) for automation tasks, which is expected behavior for this specific project.
- [PROMPT_INJECTION]: The skill's primary function is browser automation, which requires processing untrusted data from external websites. This is classified as a surface for indirect prompt injection.
  - Ingestion points: Data is retrieved from websites via tools like page.extract_text and page.get_html.
  - Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the retrieved web data.
  - Capability inventory: The agent can execute local scripts and write to various repository directories.
  - Sanitization: No explicit content validation or sanitization mechanisms are described for data ingested from browser sessions.
Audit Metadata