browser
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to utilize a command-line utility called playwriter to manage browser sessions and execute JavaScript strings via the -e flag.
- [COMMAND_EXECUTION]: The skill defines a mechanism for executing code by writing JavaScript snippets to a spool directory located at .gm/exec-spool/in/browser/, which are then processed by the underlying platform.
- [PROMPT_INJECTION]: As a web-browsing skill, it possesses an attack surface for indirect prompt injection where malicious instructions embedded in visited websites could attempt to influence the agent's behavior.
  - Ingestion points: Untrusted data enters the context through page.goto, $$eval, and snapshot operations described in SKILL.md.
  - Boundary markers: No specific delimiters or warnings to ignore embedded instructions are present in the provided snippets.
  - Capability inventory: The skill has the ability to write files to the spool directory and execute arbitrary JavaScript within the browser environment.
  - Sanitization: No explicit sanitization or filtering of content extracted from web pages is defined.
Audit Metadata