browse
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it ingests content from external websites.
- Ingestion points: External data is ingested through
agent-browser open,get text body, andget html maincommands inSKILL.md. - Boundary markers: Absent; there are no delimiters or instructions to ignore commands found within the web content.
- Capability inventory: The skill possesses extensive capabilities including
agent-browser eval,click,fill, andupload(as seen inSKILL.md). - Sanitization: Absent; the content is not filtered or sanitized before being processed by the agent.
- [DATA_EXFILTRATION]: The skill can access sensitive browser session data.
- Evidence: The commands
agent-browser cookies getandagent-browser storage local getenable retrieval of potentially sensitive authentication and session information. - [COMMAND_EXECUTION]: The workflow relies on executing the
agent-browserCLI tool to perform all browser interactions. - [EXTERNAL_DOWNLOADS]: The skill suggests the command
agent-browser installto download browser binaries from external sources if they are missing. - [REMOTE_CODE_EXECUTION]: Includes an
evalcommand that allows the execution of arbitrary JavaScript within the browser's execution context.
Audit Metadata