dev-browser

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires running a local shell script (./skills/dev-browser/server.sh) to start a background process and uses bun x tsx with heredocs to execute dynamically generated TypeScript code.
  • [EXTERNAL_DOWNLOADS]: The setup process is described as automatically installing dependencies and downloading the Playwright Chromium browser during its first run.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection when navigating to external websites, as it lacks sanitization for retrieved content like ARIA snapshots or page text.
  • [PROMPT_INJECTION]: Mandatory Evidence Chain:
      • Ingestion points: The agent ingests untrusted data from web pages via client.getAISnapshot() and page.goto() as seen in SKILL.md.
      • Boundary markers: Absent. There are no instructions to use delimiters or warnings when processing retrieved web content.
      • Capability inventory: The skill can execute shell commands (bun x tsx), write files (screenshots in tmp/), and perform network operations.
      • Sanitization: Absent. The skill does not describe any methods for sanitizing or validating data retrieved from the browser context before further processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 11:31 AM