Skills
skills/samhvw8/dotfiles/browser-history/Gen Agent Trust Hub

browser-history

Fail

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill directly accesses sensitive local application databases containing private user information, specifically Firefox's places.sqlite and Chromium's History files.
  • [DATA_EXFILTRATION]: The queries retrieve granular activity data such as full URLs, page titles, and Firefox metadata including total_view_time and key_press counts.
  • [COMMAND_EXECUTION]: The skill initiates execution of a local shell script (./find-browser.sh) to identify browser installation paths and database locations.
  • [COMMAND_EXECUTION]: Uses the sqlite3 command-line utility to perform read operations on local system files.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by processing untrusted data from external websites (titles and URLs).
  • Ingestion points: Data enters the context from the moz_places and urls tables via the provided SQL search queries.
  • Boundary markers: No delimiters or instructions are used to distinguish retrieved content from system instructions.
  • Capability inventory: The agent possesses command execution capabilities (sqlite3 and shell script execution).
  • Sanitization: No validation or sanitization is performed on the data retrieved from the browser history before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 26, 2026, 11:16 PM