kuri-agent

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill provides commands that expose and persist sensitive browser session data.
    • The commands cookies, storage, and jwt are designed to extract authentication tokens, session identifiers, and local/session storage contents.
    • Sensitive session state and custom authentication headers are stored locally in the file ~/.kuri/session.json.
  • [PROMPT_INJECTION]: The skill has a significant surface for indirect prompt injection via the processing of untrusted web content.
    • Ingestion points: Untrusted data enters the agent context through the snap and text commands defined in SKILL.md when interacting with external websites.
    • Boundary markers: The instructions do not define delimiters or specific 'ignore' instructions to prevent the agent from obeying instructions embedded in the retrieved web data.
    • Capability inventory: The skill includes capabilities to execute arbitrary JavaScript (eval), perform network requests (fetch), and conduct automated network probing (probe).
    • Sanitization: There is no evidence of sanitization or validation logic for the data retrieved from external URLs before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill provides a mechanism for dynamic code execution within the browser environment.
    • The eval command allows for the execution of arbitrary JavaScript strings in the context of the current web page, which can be used to manipulate the page or access restricted data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 02:17 AM