yutori-browse
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill navigates to user-specified or dynamically discovered URLs, creating a surface for indirect prompt injection from malicious web content. Evidence Chain: 1. Ingestion points: Website content processed by the browser agent via the
run_browsing_tasktool. 2. Boundary markers: Not present; the instructions do not include delimiters or warnings to ignore instructions embedded in the webpage content. 3. Capability inventory: Navigation, clicking, typing, and structured data extraction. 4. Sanitization: None specified in the skill instructions.
Audit Metadata