web-browser

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • Data Exposure & Exfiltration (HIGH): The tools/start.js file uses rsync to copy the user's Chrome profile directory (~/Library/Application Support/Google/Chrome/) to a cache directory when the --profile flag is used. This exposes sensitive data like session cookies and history.
  • Indirect Prompt Injection (HIGH): The skill processes untrusted web content without sanitization. Ingestion points: Web data is ingested via tools/nav.js and tools/eval.js. Boundary markers: None are present to separate web content from instructions. Capability inventory: The skill can execute JavaScript (tools/eval.js), navigate pages (tools/nav.js), save files (tools/screenshot.js), and run shell commands (tools/start.js). Sanitization: None. Malicious websites can exploit these capabilities to hijack the agent.
  • Dynamic Execution (MEDIUM): tools/eval.js uses new AsyncFunction to execute arbitrary strings in the browser, providing a vector for code injection.
  • Command Execution (MEDIUM): tools/start.js uses execSync for shell-based file operations and process management.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:51 PM