test-browser
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it retrieves and processes untrusted data from the web and PR metadata. \n
- Ingestion points: Untrusted content enters the context via
agent-browser opensnapshots andgh pr viewoutput. \n - Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to ignore commands embedded within the tested web content. \n
- Capability inventory: The skill has the ability to execute bash commands and perform file operations (creating markdown files). \n
- Sanitization: Absent. There is no evidence that the content retrieved from the browser is filtered or sanitized before processing.
Audit Metadata