agent-browser

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from multiple sources including materialText, materialUrl, and materialFile (defined in SKILL.md and references/form-schema.json).
  • Ingestion points: Data enters the agent via user-provided text, file uploads, and external URL references.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are provided within the skill's instruction set.
  • Capability inventory: The skill's runner script (scripts/run.py) performs network requests to the vendor API but does not execute local system commands based on AI output.
  • Sanitization: No client-side sanitization or validation of external content is performed before it is sent to the API.
  • [EXTERNAL_DOWNLOADS]: The skill's Python runner (scripts/run.py) performs network operations targeting the vendor's official API at https://ai-skills.ai to process the diagnosis logic.
  • [COMMAND_EXECUTION]: A Python script scripts/run.py is provided to allow users to interact with the API. This script utilizes standard Python libraries and performs authorized network communication with the vendor's infrastructure.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — agent-browser