firefox-debug

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION)
Full Analysis
  • REMOTE_CODE_EXECUTION (MEDIUM): The evaluateScript tool enables the execution of arbitrary JavaScript within the browser context. In an agentic workflow, this allows the AI to run any code on a webpage, which could be exploited to perform actions on behalf of the user or interact with malicious scripts.
  • DATA_EXFILTRATION (MEDIUM): The skill provides direct access to sensitive browser data. Specifically, the getStorage tool is showcased in documentation examples (SKILL.md) to extract 'auth_token' from localStorage. While useful for debugging, this capability facilitates the exposure of session credentials.
  • COMMAND_EXECUTION (MEDIUM): The skill's operational model relies on shell command execution via mcporter and mise (e.g., mise x node@20 -- mcporter call ...). This creates a dependency on the underlying host's shell environment for all browser interactions.
  • PROMPT_INJECTION (LOW): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from external websites via getPageContent and getConsoleOutput.
      • Ingestion points: getPageContent, getConsoleOutput, and getStorage in SKILL.md.
      • Boundary markers: None identified; the agent reads raw DOM and console data.
      • Capability inventory: Subprocess calls via mcporter, arbitrary JS execution via evaluateScript, and navigation control via navigateToUrl.
      • Sanitization: No evidence of sanitization or filtering of the retrieved web content before it is processed by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:07 PM