Browser Automation
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process data from external websites, which introduces a surface for indirect prompt injection. Malicious instructions hidden on a target web page (such as in HTML comments or invisible elements) could theoretically attempt to divert the agent from its instructed task during scraping or automation.
- Ingestion points: External web content retrieved via the browser navigation and extraction tools.
- Boundary markers: The provided examples do not explicitly show delimiters or instructions to ignore embedded commands in the scraped content.
- Capability inventory: The skill has capabilities for navigation, clicking, typing (including form submission), and generating file output (screenshots and PDFs).
- Sanitization: There is no mention of content sanitization or filtering before processing the scraped data.
- [DATA_EXFILTRATION]: The skill facilitates data movement between web services as part of its automation workflow. While this is a primary feature, it creates a surface where data read from one URL could be submitted to another. This is an expected behavior for browser automation tools but requires user oversight when interacting with sensitive sites.
Audit Metadata