browser-content-capture
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill processes untrusted web data without sanitization. Ingestion points: agent-browser open (Line 52, 102). Boundary markers: Absent. Capability inventory: agent-browser eval (Line 108), agent-browser fill (Line 110), shell redirection > (Line 132). Sanitization: Absent. A malicious site could inject instructions to exploit the agent.
- Credentials Unsafe (HIGH): The skill contains hardcoded credentials in examples (Line 110: password123) and recommends saving sensitive session state to world-readable directories (Line 115: /tmp/auth-state.json).
- Dynamic Execution (HIGH): The agent-browser eval command executes arbitrary JavaScript within an untrusted browser context, creating a significant attack surface for DOM-based exploits.
- Command Execution (MEDIUM): Web content is piped directly to the filesystem using shell redirection (Line 132), allowing untrusted data to write to local storage.
Recommendations
- AI detected serious security threats