Skills
skills/ulpi-io/skills/browse-stealth/Gen Agent Trust Hub

browse-stealth

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute the browse CLI and its associated subcommands for web automation.
  • [EXTERNAL_DOWNLOADS]: The skill documentation provides instructions for the user to manually install necessary dependencies, including the @ulpi/browse CLI (a vendor resource) and the camoufox-js library. It explicitly advises against automatic installation by the agent.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes content from external websites.
  • Ingestion points: Untrusted data enters the agent's context through the browse ... goto <url> command and subsequent content extraction (e.g., text, snapshot).
  • Boundary markers: The instructions do not mandate the use of delimiters or specific instructions to the agent to ignore embedded commands in the fetched content.
  • Capability inventory: The agent possesses the Bash tool, which could be exploited if the agent obeys instructions found on a malicious website.
  • Sanitization: The skill does not describe any sanitization or validation mechanisms for the data retrieved from external sources.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 06:29 AM