agent-browser
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from multiple sources including
materialText,materialUrl, andmaterialFile(defined inSKILL.mdandreferences/form-schema.json). - Ingestion points: Data enters the agent via user-provided text, file uploads, and external URL references.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are provided within the skill's instruction set.
- Capability inventory: The skill's runner script (
scripts/run.py) performs network requests to the vendor API but does not execute local system commands based on AI output. - Sanitization: No client-side sanitization or validation of external content is performed before it is sent to the API.
- [EXTERNAL_DOWNLOADS]: The skill's Python runner (
scripts/run.py) performs network operations targeting the vendor's official API athttps://ai-skills.aito process the diagnosis logic. - [COMMAND_EXECUTION]: A Python script
scripts/run.pyis provided to allow users to interact with the API. This script utilizes standard Python libraries and performs authorized network communication with the vendor's infrastructure.
Audit Metadata