browser-automation
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends using the
@different-ai/opencode-browserpackage from the author's NPM registry to access debugging tools and run self-tests. - [COMMAND_EXECUTION]: Includes instructions for running various CLI commands via
npx, including tool listing, individual tool execution with JSON arguments, and project smoke tests. - [PROMPT_INJECTION]: The skill uses tools like
browser_queryto extract page text and metadata, which introduces a surface for indirect prompt injection from external websites. - Ingestion points: Untrusted web content is ingested through
browser_queryusingmode=page_textormode=text(SKILL.md). - Boundary markers: No explicit delimiters or instructions are provided to help the agent distinguish between its system instructions and commands embedded in web content.
- Capability inventory: The skill enables the agent to navigate to arbitrary URLs, click elements, and type text (SKILL.md).
- Sanitization: There is no mention of sanitizing or validating content retrieved from external pages.
Audit Metadata