Skills
skills/browserbase/skills/browserbase-cli/Gen Agent Trust Hub

browserbase-cli

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to install the official vendor packages @browserbasehq/cli and @browserbasehq/browse-cli via npm. These resources are associated with the skill's authoring organization.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute the bb command-line interface for managing Browserbase platform resources, including sessions, projects, and functions.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is identified as the skill fetches data from external web sources and search queries.
  • Ingestion points: Commands such as bb fetch <url> and bb search "<query>" retrieve content from the internet into the agent's context.
  • Boundary markers: The skill does not provide specific instructions or delimiters to help the agent distinguish between its system instructions and the untrusted content fetched from the web.
  • Capability inventory: The agent has access to Bash, enabling it to execute further CLI commands or write data to the filesystem based on instructions found in the processed content.
  • Sanitization: No explicit sanitization or validation of the retrieved external content is mentioned or implemented in the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 05:35 AM