browser-screenshot
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes shell commands that include user-provided parameters such as URLs, CSS selectors, and file paths (e.g., `agent-browser --auto-connect open <url>`, `magick ... <output-path>.png`). There are no instructions for sanitizing or escaping these strings, which could lead to shell command injection if the agent processes malicious input.
- [PROMPT_INJECTION]: The skill is designed to navigate to and ingest content from arbitrary external websites (Reddit, X, blogs) to identify target elements. This represents a classic indirect prompt injection surface where instructions embedded in a webpage could manipulate the agent.
  - Ingestion points: Data enters the context via `agent-browser open`, `snapshot -i`, and `screenshot --annotate` in `SKILL.md`.
  - Boundary markers: There are no markers or instructions telling the agent to ignore instructions found within the web pages it visits.
  - Capability inventory: The agent can execute shell commands (`magick`), navigate the web (`agent-browser`), and execute JavaScript on pages (`eval`).
  - Sanitization: No validation or sanitization is performed on the content retrieved from external sites before the agent interprets it.
Audit Metadata