browsh
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires and executes the
browshandfirefoxbinaries locally to perform its core function. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it renders untrusted external web content.
- Ingestion points: Web pages fetched and rendered by the
browshcommand inSKILL.md. - Boundary markers: None present in the suggested usage to separate web content from agent instructions.
- Capability inventory: Execution of local binaries (
browsh,firefox) to fetch and display data. - Sanitization: No sanitization or filtering of the rendered web text is described in the skill.
Audit Metadata