electron
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by interacting with external Electron applications (e.g., Slack, Discord, VS Code). These apps display content from untrusted third parties which could include hidden instructions designed to manipulate the agent's behavior.
- Ingestion points: Data is ingested via
agent-browser snapshotandagent-browser get textas described in SKILL.md. - Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when processing data from these apps.
- Capability inventory: The skill has access to UI interaction tools (click, fill, press) and the
Bashtool. - Sanitization: No evidence of sanitization or filtering of application content is present.
- [COMMAND_EXECUTION]: The skill uses bash commands to launch desktop applications with debugging arguments (e.g.,
open -a 'Slack' --args --remote-debugging-port=9222) and to execute theagent-browserutility. - [EXTERNAL_DOWNLOADS]: The skill leverages
npxto execute theagent-browserpackage, which involves fetching the tool from the npm registry.
Audit Metadata