Skills
skills/vibetechnologies/vibe-mcp/vibebrowser/Gen Agent Trust Hub

vibebrowser

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to download and execute the @vibebrowser/mcp package from the NPM registry. This is a vendor-owned package used to facilitate the connection between the agent and the browser extension.
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands via npx or the local vibebrowser-cli to perform browser automation, including navigating to URLs, clicking elements, and typing text.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ability to ingest untrusted data from the web and perform subsequent actions based on that data.
  • Ingestion points: Untrusted data enters the agent context via the snapshot and tabs commands, which extract content from active browser pages (documented in SKILL.md).
  • Boundary markers: There are no explicit boundary markers or instructions to the agent to disregard commands embedded within the page snapshots.
  • Capability inventory: The skill provides high-privilege browser capabilities including click, type, open, and arbitrary JavaScript execution via the evaluate command (documented in SKILL.md).
  • Sanitization: No sanitization or filtering of the HTML/ARIA content is performed before the data is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 06:55 PM