Skills
skills/browserbase/skills/browser-trace/Gen Agent Trust Hub

browser-trace

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Node.js child_process modules (spawn, spawnSync, execFileSync) to run the browse CLI and background worker processes for trace collection and artifact management.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves session metadata, logs, and user-generated downloads from the Browserbase platform via official vendor tools. These operations target the vendor's own infrastructure.
  • [DATA_EXFILTRATION]: The skill records detailed browser activity, including DOM content and network headers, to the local .o11y directory. This data is intended for local debugging and is not transmitted to unauthorized external domains.
  • [PROMPT_INJECTION]: The skill processes untrusted web content (CDP events and DOM snapshots), creating a potential surface for indirect prompt injection.
  • Ingestion points: raw.ndjson (CDP firehose) and dom/*.html (DOM snapshots).
  • Boundary markers: No delimiters or instructions to ignore embedded content were found in the processing scripts.
  • Capability inventory: Subprocess execution via spawn and execFileSync in lib.mjs and related scripts.
  • Sanitization: Content captured from the browser is parsed as JSON or stored as HTML without explicit sanitization or filtering logic.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 08:00 AM
Security Audit — agent-trust-hub — browser-trace