Skills
skills/vm0-ai/vm0-skills/browserless/Gen Agent Trust Hub

browserless

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to interact with the Browserless API and jq to process the JSON output.
  • [DATA_EXFILTRATION]: The skill sends data payloads to production-sfo.browserless.io. This is documented as the official endpoint for the Browserless service and is necessary for its functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes content from arbitrary external websites. This is an inherent risk for any web-browsing tool.
  • Ingestion points: Data is fetched from external URLs via the Browserless API as documented in SKILL.md.
  • Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are included in the prompt examples.
  • Capability inventory: The skill uses curl to perform network requests and writes temporary files to /tmp/.
  • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the web before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 12:51 AM