electron
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [Remote Debugging Interface]: The skill utilizes the
--remote-debugging-portflag to enable the Chrome DevTools Protocol (CDP) on local ports (e.g., 9222). This is a standard feature of Electron and Chromium used to allow external tools to inspect and control the application. While this creates a local communication channel, it is restricted to the host machine and is the primary mechanism for the skill's automation capabilities. - [Processing of External Data]: By automating applications like Slack, Discord, and VS Code, the agent may ingest untrusted content such as chat messages or source code. This introduces a surface for indirect prompt injection, where instructions embedded in the application's UI could attempt to influence the agent's logic. This is an inherent consideration for any UI automation tool, and users should ensure that sensitive operations require manual confirmation.
- [Use of Automation Tooling]: The skill relies on the
agent-browserutility to execute commands. These commands include taking screenshots, clicking elements, and typing text within the context of the targeted application. These actions are performed using the agent's authorized tools to achieve the user's requested automation tasks.
Audit Metadata