Skills
skills/skillsh/skills/agent-browser/Gen Agent Trust Hub

agent-browser

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the infsh command-line utility to interface with a remote browser automation service and manage browser sessions.
  • [REMOTE_CODE_EXECUTION]: Provides an execute function that enables the execution of arbitrary JavaScript code within the browser's context, which is a core feature for modern web automation and scraping.
  • [DATA_EXFILTRATION]: Includes capabilities to extract sensitive data from browser sessions, such as cookies and localStorage content, as demonstrated in the documentation's authentication patterns.
  • [PROMPT_INJECTION]: The skill inherently possesses an indirect prompt injection surface (Category 8) due to its function as a web browser interacting with untrusted content.
  • Ingestion points: Any URL processed through the open or goto actions (e.g., in templates/capture-workflow.sh).
  • Boundary markers: Absent; the skill does not explicitly frame external content with delimiters to warn the agent about potential instructions in the data.
  • Capability inventory: JavaScript execution (execute), element interaction (interact), and file uploads (upload).
  • Sanitization: No sanitization of external website content is performed by the skill's scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 11:19 AM