autobrowse
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a significant attack surface for indirect prompt injection through the processing of external website content.
  - Ingestion points: Website snapshots and text content are ingested by the 'inner agent' (via evaluate.mjs) and processed into trace summaries for the 'outer agent'.
  - Boundary markers: The system prompt lacks explicit delimiters or instructions to ignore embedded commands within the data extracted from external websites.
  - Capability inventory: The outer agent has access to powerful tools including Bash, Write, Read, and Agent, which could be targeted if an indirect injection successfully influences its actions.
  - Sanitization: There is no specific sanitization or validation of the content retrieved from external websites before it enters the agent context.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run local Node.js scripts (evaluate.mjs) which execute the browse CLI tool to drive browser sessions. The evaluate.mjs script implements a custom argument parser to mitigate shell injection risks. Additionally, the skill writes new executable skill files to the user's ~/.claude/skills/ directory during the 'graduation' process.
- [DATA_EXFILTRATION]: The skill handles sensitive API keys (ANTHROPIC_API_KEY, BROWSERBASE_API_KEY) used to interact with official service providers as part of its core browser automation functionality.
Audit Metadata