browser-automation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Privilege Escalation (HIGH): The setup.json file instructs the user to execute 'sudo apt install google-chrome-stable' on Linux systems. Requesting administrative privileges (sudo) is a high-risk pattern for an agent skill, even when the intent is a legitimate software installation, because the command runs with full system rights.
  • Indirect Prompt Injection (LOW): The skill navigates to and extracts data from external, untrusted websites, which serves as a primary ingestion point for malicious instructions.
      ◦ Ingestion points: browser navigate, browser extract, and browser observe commands in EXAMPLES.md.
      ◦ Boundary markers: Absent. There are no delimiters or instructions to prevent the agent from obeying instructions embedded in web content.
      ◦ Capability inventory: browser act (interaction), browser navigate, and file downloads.
      ◦ Sanitization: Absent. Website content is processed as natural language instructions for the LLM.
  • Unverifiable Dependencies (MEDIUM): setup.json requires running 'npm install' and 'npm link' on local code, which can execute arbitrary lifecycle scripts and modify the global system environment.
  • Dynamic Execution (MEDIUM): The 'browser act' command translates natural language into browser interactions, a form of dynamic execution logic that could be exploited if the input is influenced by malicious web data.
Recommendations
  • The automated analysis flagged serious security threats; review the sudo, npm lifecycle-script and prompt-injection findings under Full Analysis before installing or running this skill.
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:48 PM