functions
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for executing commands via the Browserbase CLI for local development and cloud deployment.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to download and initialize a project using the official Browserbase SDK package from the npm registry.
- [DATA_EXFILTRATION]: The skill provides instructions for managing sensitive API keys and project identifiers using environment files for authorized communication with Browserbase APIs.
- [PROMPT_INJECTION]: The skill's architecture for processing external URLs and selectors as input parameters for browser automation represents a surface for indirect prompt injection.
- Ingestion points: Data enters the function through the
paramsobject inSKILL.mdandREFERENCE.md. - Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the provided code snippets.
- Capability inventory: The skill enables browser automation via Playwright (
playwright-core) and allows publishing functions to the cloud. - Sanitization: The provided examples do not demonstrate sanitization or validation of input parameters before use.
Audit Metadata