browser-cash
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Susceptible to indirect prompt injection. The skill's primary purpose is web scraping and automation, which involves ingesting untrusted content from external websites into the agent's context. This data could contain malicious instructions designed to influence agent behavior.
- [COMMAND_EXECUTION]: Uses dynamic execution of Node.js code. The skill's instructions include running
node -ewith shell variable interpolation ($CDP_URL) to establish browser connections. While functional for the intended use case, this pattern involves assembling and executing code at runtime.
Audit Metadata