dev-browser
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user or agent to install the
dev-browserpackage globally from the NPM registry. - [COMMAND_EXECUTION]: Includes instructions to run shell commands for installation and configuration, specifically
npm install -g dev-browseranddev-browser install. - [PROMPT_INJECTION]: As a browser automation tool, the skill is susceptible to indirect prompt injection where malicious instructions are embedded in the websites being navigated or scraped.
- Ingestion points: Navigating to URLs, filling forms, and scraping web data as defined in the description (SKILL.md).
- Boundary markers: None provided in the skill instructions to distinguish between agent instructions and web content.
- Capability inventory: Capabilities include navigating websites, form filling, taking screenshots, and data extraction (SKILL.md).
- Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the web before processing.
Audit Metadata