Skills
skills/ulpi-io/skills/browse-geo/Gen Agent Trust Hub

browse-geo

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external search engines (Google, Perplexity, and ChatGPT).
  • Ingestion points: Data is gathered via snapshot and text commands in SKILL.md (Steps 1, 2, and 3).
  • Boundary markers: The skill lacks explicit instructions or delimiters to prevent the agent from following instructions found within the scraped content.
  • Capability inventory: The skill utilizes the Bash tool to execute browse CLI commands.
  • Sanitization: No sanitization or filtering of the ingested content is performed before processing.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run the browse CLI utility for navigating websites, taking snapshots, and extracting text.
  • [EXTERNAL_DOWNLOADS]: The skill references the camoufox-js package. It correctly identifies this as a prerequisite and explicitly instructs the agent not to perform automatic installation, instead prompting the user to install it manually.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 06:29 AM