browser-automation-notte

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to read and parse local credential files using Python.
  • Evidence: export GOOSEWORKS_API_KEY=$(python3 -c "import json;print(json.load(open('$HOME/.gooseworks/credentials.json'))['api_key'])") in SKILL.md.
  • [DATA_EXFIL_TRATION]: The skill performs network requests to the Gooseworks API and has capabilities to extract sensitive session cookies.
  • Evidence: usage of curl commands targeting api.gooseworks.ai and the Get Session Cookies capability described in SKILL.md.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its web scraping capabilities.
  • Ingestion points: The Scrape Webpage, Observe Page, Scrape from HTML, and Scrape Page endpoints in SKILL.md allow the agent to ingest content from untrusted external websites.
  • Boundary markers: The skill does not define specific delimiters or include instructions to the agent to ignore potentially malicious commands embedded in the scraped data.
  • Capability inventory: The skill possesses high-risk capabilities, including Execute Page Action, Set Session Cookies, Get Session Cookies, and Start Agent.
  • Sanitization: No sanitization or validation logic is mentioned for the content retrieved from external sources before it is processed by the AI agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:18 AM
Security Audit — agent-trust-hub — browser-automation-notte