browser-automation
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill establishes an attack surface for indirect prompt injection via the browser_subagent tool.
- Ingestion points: Untrusted content is ingested when the tool navigates to external URLs as defined in the Task parameter in SKILL.md and example files.
- Boundary markers: Absent; the skill does not suggest using delimiters or ignore instructions to isolate web content from the agent's control logic.
- Capability inventory: High; the subagent can perform actions such as clicking, typing in forms, and navigating, which could be exploited by malicious web content.
- Sanitization: None; the documentation provides no guidance on sanitizing or validating information extracted from web pages.
Audit Metadata