browser-testing-with-screenshots
Warn
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the user to clone and install scripts from an external GitHub repository (
https://github.com/badlogic/agent-tools.git). This repository is not from a recognized trusted organization, which introduces a dependency on unverified code. - [COMMAND_EXECUTION]: The workflow relies on executing multiple JavaScript files (
browser-start.js,browser-nav.js, etc.) from the external repository. These scripts execute locally with the user's permissions. - [REMOTE_CODE_EXECUTION]: Through
browser-eval.js, the skill can execute arbitrary JavaScript within the context of the loaded web page. This is a high-risk capability that could be misused if the agent navigates to a malicious site or if the evaluation parameters are influenced by untrusted input. - [CREDENTIALS_UNSAFE]: The skill includes the
browser-cookies.jstool, which is designed to list session cookies. Accessing and displaying session tokens represents a potential for credential exposure or session hijacking. - [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection during web testing activities.
- Ingestion points: Untrusted content is ingested from web pages via
browser-content.jsand through DOM interaction inbrowser-eval.js(referenced in SKILL.md). - Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the documentation.
- Capability inventory: The skill possesses the ability to execute code in the browser via
browser-eval.jsand navigate to new URLs viabrowser-nav.js(SKILL.md). - Sanitization: There is no evidence of data sanitization or validation before the agent processes external content.
Audit Metadata