Browswer Automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its browser automation capabilities.
- Ingestion points: External web content is ingested into the agent's context when performing
agent-browser snapshot -ias described inSKILL.md. - Boundary markers: The instructions do not define delimiters or specific system prompts to isolate retrieved web content from the agent's core instructions.
- Capability inventory: The skill utilizes the
agent-browserCLI tool (SKILL.md) to interact with web pages and execute automation commands. - Sanitization: There is no mention of content filtering or sanitization for the data retrieved from external URLs.
- [COMMAND_EXECUTION]: The skill relies on the execution of the
agent-browserCLI tool to perform its primary functions. While this is the intended purpose of the skill, it involves subprocess execution based on user-provided URLs.
Audit Metadata