superme
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates browser automation via the
browser-useCLI, employingevalcommands to execute JavaScript within the web context. This is used to interact with the DOM, manipulate Vue.js and AngularJS application states, and perform automated logins. - [DATA_EXFILTRATION]: Sensitive session data, including authentication tokens, JWTs, and browser cookies, are exported and saved to the local filesystem (e.g.,
/tmp/superme_cookies.json,/tmp/superme_rami_token.txt). While required for session persistence across commands, this represents local exposure of session credentials. - [EXTERNAL_DOWNLOADS]: The skill automatically installs the
browser-usetool using theuvpackage manager if it is not detected in the environment during execution. - [PROMPT_INJECTION]: The skill's documentation includes specific instructions for AI agents regarding safe installation procedures to mitigate a known supply chain attack in its dependencies. These instructions are directed at the agent's execution logic.
Audit Metadata