electron
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides detailed instructions for executing shell commands to launch popular desktop applications with the `--remote-debugging-port` flag. This configuration allows the agent to connect to and control the application's internal Chromium instance.
- [PROMPT_INJECTION]: The skill exposes the agent to indirect prompt injection by design. By interacting with applications that display external, untrusted content (e.g., chat messages in Slack/Discord or code in VS Code), the agent could encounter and inadvertently execute malicious instructions embedded in that content.
  - Ingestion points: Application snapshots and text extraction performed via `agent-browser snapshot` and `agent-browser get text` (SKILL.md).
  - Boundary markers: No explicit boundary markers or 'ignore' instructions are provided to help the agent distinguish between application UI and untrusted content.
  - Capability inventory: The agent can click, fill forms, type, and navigate within the automated applications using `agent-browser` (SKILL.md).
  - Sanitization: No sanitization or validation of the content retrieved from the applications is suggested or implemented.
Audit Metadata