browser-use
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted input from external sources, creating a surface for indirect prompt injection.
- Ingestion points: The skill accepts external content via
materialUrl(URLs),materialText(user-provided text), andmaterialFile(uploaded files) as defined inreferences/form-schema.jsonandSKILL.md. - Boundary markers: The instructions do not define clear delimiters or specific instructions for the model to ignore potential commands embedded within the fetched or uploaded content.
- Capability inventory: The
scripts/run.pyscript possesses network capabilities to communicate with theai-skills.aiAPI, which performs the core task execution. - Sanitization: Input parameters are JSON-encoded in
scripts/run.pybefore being sent to the API, but there is no evidence of content-level sanitization to prevent the interpretation of malicious instructions within the data. - [EXTERNAL_DOWNLOADS]: The skill communicates with an external API to perform its primary function.
- The script
scripts/run.pymakes network requests tohttps://ai-skills.ai/api/executeto process user goals and materials. This domain is the official endpoint for the service provided by the vendor 'allinherog-star'.
Audit Metadata