browser-automation-notte
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to read and parse local credential files using Python.
- Evidence:
export GOOSEWORKS_API_KEY=$(python3 -c "import json;print(json.load(open('$HOME/.gooseworks/credentials.json'))['api_key'])")inSKILL.md. - [DATA_EXFIL_TRATION]: The skill performs network requests to the Gooseworks API and has capabilities to extract sensitive session cookies.
- Evidence: usage of
curlcommands targetingapi.gooseworks.aiand theGet Session Cookiescapability described inSKILL.md. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its web scraping capabilities.
- Ingestion points: The
Scrape Webpage,Observe Page,Scrape from HTML, andScrape Pageendpoints inSKILL.mdallow the agent to ingest content from untrusted external websites. - Boundary markers: The skill does not define specific delimiters or include instructions to the agent to ignore potentially malicious commands embedded in the scraped data.
- Capability inventory: The skill possesses high-risk capabilities, including
Execute Page Action,Set Session Cookies,Get Session Cookies, andStart Agent. - Sanitization: No sanitization or validation logic is mentioned for the content retrieved from external sources before it is processed by the AI agent.
Audit Metadata