agent-loop-browser

Warn

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the mcporter and browse CLI tools to execute browser automation commands, including navigation and UI interaction.\n- [REMOTE_CODE_EXECUTION]: The evaluate_script command allows the agent to execute arbitrary JavaScript within the browser context, which can be used to interact with or extract data from active web sessions.\n- [DATA_EXFILTRATION]: The skill provides tools for capturing snapshots and screenshots of web pages, creating a path for potentially sensitive information from the browser to be saved to the local filesystem or accessed by the agent.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from external websites.\n
  • Ingestion points: External data enters the agent context via page snapshots and navigation feedback.\n
  • Boundary markers: No delimiters or safety instructions are used to distinguish between skill instructions and content retrieved from the web.\n
  • Capability inventory: The skill has access to shell execution (mcporter), JavaScript execution (evaluate_script), and file system writes.\n
  • Sanitization: There is no evidence of sanitization or filtering of the ingested web content before the agent processes it.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 25, 2026, 04:44 PM
Security Audit — agent-trust-hub — agent-loop-browser