browser
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a local CLI utility called browser-tool located in the ~/.wegent-executor/bin/ directory to interact with the web. This tool supports various actions including navigation, clicking, typing, and running arbitrary JavaScript in the page context via the evaluate action.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external websites.
- Ingestion points: Data is pulled into the agent context through the navigate, snapshot, and evaluate actions defined in SKILL.md.
- Boundary markers: No explicit delimiters or safety instructions are defined in the skill to distinguish between agent instructions and untrusted content from the web.
- Capability inventory: The skill allows the agent to navigate to any URL, interact with elements, and execute arbitrary code in the browser via the evaluate action.
- Sanitization: There is no evidence of sanitization or filtering applied to the data extracted from the web before it is processed by the agent.
Audit Metadata