Skills
skills/web-infra-dev/midscene-skills/browser-automation/Gen Agent Trust Hub

browser-automation

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and executes the @midscene/web package from the npm registry using the npx command to perform browser automation tasks.
  • [COMMAND_EXECUTION]: Utilizes shell commands to run the automation framework and performs connectivity prechecks using curl against local browser debugging ports (127.0.0.1:9222 and 127.0.0.1:3766).
  • [PROMPT_INJECTION]: The skill has a surface area for indirect prompt injection as it processes and reacts to content from external websites.
  • Ingestion points: External web content and screenshots are ingested via the connect --url command (File: SKILL.md).
  • Boundary markers: Absent; the multimodal model interprets the entire visual state of the browser without specific markers to distinguish page content from instructions.
  • Capability inventory: Full browser interaction including clicking, typing, and navigation via the act and tap tools (File: SKILL.md).
  • Sanitization: None; the skill relies on the underlying model's ability to distinguish between page elements and instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 08:19 AM