browser-automation

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis

================================================================================

🔴 VERDICT: HIGH

This skill enables browser automation using the agent-browser CLI. While the tool itself is from a trusted source, the skill explicitly grants the agent broad permissions, including the ability to execute arbitrary shell commands (Bash), read files (Read), and write files (Write). This creates a significant risk for command execution and data exfiltration if the agent is compromised or prompted maliciously.

Total Findings: 4

🔴 HIGH Findings:

  • COMMAND_EXECUTION
    Line 10: The skill's metadata explicitly lists allowedTools: [Bash, Read, Write]. Granting Bash access means the agent can execute arbitrary shell commands. While the skill itself does not contain malicious commands, this capability allows for potential command injection if the agent is prompted to execute user-controlled input or if the agent's reasoning is compromised.
  • DATA_EXFILTRATION
    Line 10: The allowedTools also include Read and Write. The agent-browser CLI provides a state save <file> command (Line 60), which can persist browser session data (cookies, local storage) to a file. With Read and Write permissions, an agent could be prompted to save sensitive browser state and then exfiltrate the resulting file using Bash commands.

🔵 LOW Findings:

  • Unverifiable Dependencies
    Line 17: The skill instructs npm install -g agent-browser and agent-browser install, and references npx skills add vercel-labs/agent-browser (Line 20). The agent-browser tool is from vercel-labs/agent-browser, which is a trusted GitHub repository. This specific finding is downgraded to LOW severity as per the trusted source policy.

ℹ️ TRUSTED SOURCE References:

  • Trusted External Dependency
    Line 17: npm install -g agent-browser refers to vercel-labs/agent-browser, a trusted GitHub repository.
  • Trusted External Dependency
    Line 18: agent-browser install refers to vercel-labs/agent-browser, a trusted GitHub repository.
  • Trusted External Dependency
    Line 20: npx skills add vercel-labs/agent-browser refers to vercel-labs/agent-browser, a trusted GitHub repository.
  • Trusted External Dependency
    Line 79: github.com/vercel-labs/agent-browser is a trusted GitHub repository.

================================================================================

Recommendations
  • AI detected serious security threats

Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 13, 2026, 03:17 AM