k8s-browser
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill creates a surface for indirect prompt injection by ingesting untrusted web data and providing tools that can modify system state.
  * Ingestion points: browser_content() retrieves full page text from Kubernetes, Grafana, or ArgoCD dashboards.
  * Boundary markers: Absent. The instructions do not define delimiters for external content or warn the agent to ignore embedded instructions.
  * Capability inventory: The skill includes powerful interaction tools like browser_click(), browser_fill(), and browser_type() which can be used to delete resources or change configurations.
  * Sanitization: None. The agent receives raw HTML or text content.
- [Credential Safety] (SAFE): While the skill shows examples using token123 and password, these are clearly placeholders and not active secrets.