skill-constraints
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses browser tools such as
page.extract_textandpage.get_htmlto ingest content from external websites. This creates a surface for indirect prompt injection, where a malicious website could provide instructions that manipulate the agent's behavior. * Ingestion points:page.extract_textandpage.get_html* Capability inventory: Browser interaction tools (click, type) and shell command execution * Boundary markers: None identified in the provided constraints * Sanitization: No explicit content filtering or validation is mentioned. - [DATA_EXFILTRATION]: The skill configures browser automation to use a specific user profile path (
~/.chrome-cdp-profile). While intended for session persistence, this path is sensitive as it stores user authentication cookies, history, and other private session data. - [COMMAND_EXECUTION]: The skill utilizes shell commands (
sleep $((RANDOM % 26 + 5))) to implement randomized delays between automation steps to evade detection mechanisms.
Audit Metadata