Skills
skills/serkan-ozal/browser-devtools-skills/browser-testing/Gen Agent Trust Hub

browser-testing

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to interface with the browser-devtools-cli utility for browser automation tasks.
  • [REMOTE_CODE_EXECUTION]: The skill exposes subcommands run js-in-browser and run js-in-sandbox which allow for dynamic execution of JavaScript code in the browser context or a sandbox, representing a risk if influenced by untrusted external data.
  • [DATA_EXFILTRATION]: Features tools to capture page content such as HTML, text, screenshots, and PDFs, which can be used to extract data from navigated web pages.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes content from untrusted web sources without isolation.
  • Ingestion points: Web content retrieved via get-as-html and get-as-text subcommands defined in SKILL.md.
  • Boundary markers: None. The skill does not define specific markers or instructions to distinguish web content from agent commands.
  • Capability inventory: Bash access to browser automation tools, network navigation, and the ability to capture or save browser state.
  • Sanitization: None. There is no evidence of sanitization or validation of the data retrieved from external URLs before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 10:15 AM