browser-automation-parity

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Full Analysis
  • SAFE (SAFE): Comprehensive analysis of the provided Python scripts and documentation found no malicious patterns, prompt injections, or unauthorized data access. The code implements legitimate browser automation practices.
  • Indirect Prompt Injection (SAFE):
      * Ingestion points: page.goto and page.locator in 'step_contract.py' and 'example_workflow.py'.
      * Boundary markers: None implemented; the tool relies on developer-defined script logic.
      * Capability inventory: page.click, page.fill, page.screenshot, and local filesystem access (Path.mkdir, log writing).
      * Sanitization: None.
      * Reasoning: While the skill interacts with external web content, the risk is minimized as it is a framework for script-based execution rather than autonomous LLM-driven navigation. The inherent risk is standard for browser tools and is mitigated by the intended developer-controlled workflow.
  • Data Exposure (SAFE): Screenshots and JSONL logs are saved locally to a user-defined directory. No indicators of network exfiltration to untrusted domains were found.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 01:05 PM