browser-automation
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is designed for web scraping and browser automation (navigating to URLs, parsing HTML, and interacting with elements).
- Ingestion points: Processes external website content via
page.gotoandbrowser.$$eval. - Boundary markers: None specified in the instructional material to separate browser data from agent instructions.
- Capability inventory: Provides examples for clicking, form filling, and JavaScript execution (
$$eval) in the browser context. - Sanitization: No mention of sanitizing or escaping content retrieved from websites before processing.
- Dynamic Execution (MEDIUM): The skill demonstrates the use of
$$evaland browser-side scripting, which allows for the execution of logic within the target website's context. This is a standard feature for this toolset but represents a significant attack surface if the target site is malicious. - Data Exposure (LOW): While it discusses scraping, which involves data retrieval, the examples provided focus on public data (titles, prices) and do not contain hardcoded credentials or instructions to exfiltrate sensitive local files.
Audit Metadata