Skills
skills/bighardperson/computer-science-skills-collection/browser/Gen Agent Trust Hub

browser

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface
  • Ingestion points: The skill reads arbitrary external web content in index.js via page.goto(url) and page.evaluate().
  • Boundary markers: Absent. There are no delimiters or instructions to treat the fetched web content as untrusted data in the prompt context.
  • Capability inventory: The skill uses puppeteer to navigate and execute JavaScript on remote pages.
  • Sanitization: Absent. The script extracts raw innerText and returns it directly to the agent without filtering or sanitization.
  • [COMMAND_EXECUTION]: Reduced Browser Isolation
  • The script in index.js launches Puppeteer with the --no-sandbox and --disable-setuid-sandbox arguments. These flags disable Chromium's primary security isolation layer, which could allow a malicious website to exploit browser vulnerabilities to escape the process and execute code on the host system.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 10:47 AM
Security Audit — agent-trust-hub — browser