browser-automation

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends using the @different-ai/opencode-browser package from the author's NPM registry to access debugging tools and run self-tests.
  • [COMMAND_EXECUTION]: Includes instructions for running various CLI commands via npx, including tool listing, individual tool execution with JSON arguments, and project smoke tests.
  • [PROMPT_INJECTION]: The skill uses tools like browser_query to extract page text and metadata, which introduces a surface for indirect prompt injection from external websites.
  • Ingestion points: Untrusted web content is ingested through browser_query using mode=page_text or mode=text (SKILL.md).
  • Boundary markers: No explicit delimiters or instructions are provided to help the agent distinguish between its system instructions and commands embedded in web content.
  • Capability inventory: The skill enables the agent to navigate to arbitrary URLs, click elements, and type text (SKILL.md).
  • Sanitization: There is no mention of sanitizing or validating content retrieved from external pages.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 07:17 PM
Security Audit — agent-trust-hub — browser-automation