browser-use

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted input from external sources, creating a surface for indirect prompt injection.
  • Ingestion points: The skill accepts external content via materialUrl (URLs), materialText (user-provided text), and materialFile (uploaded files) as defined in references/form-schema.json and SKILL.md.
  • Boundary markers: The instructions do not define clear delimiters or specific instructions for the model to ignore potential commands embedded within the fetched or uploaded content.
  • Capability inventory: The scripts/run.py script possesses network capabilities to communicate with the ai-skills.ai API, which performs the core task execution.
  • Sanitization: Input parameters are JSON-encoded in scripts/run.py before being sent to the API, but there is no evidence of content-level sanitization to prevent the interpretation of malicious instructions within the data.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with an external API to perform its primary function.
  • The script scripts/run.py makes network requests to https://ai-skills.ai/api/execute to process user goals and materials. This domain is the official endpoint for the service provided by the vendor 'allinherog-star'.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — browser-use