agent-loop-browser
Warn
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
mcporterandbrowseCLI tools to execute browser automation commands, including navigation and UI interaction.\n- [REMOTE_CODE_EXECUTION]: Theevaluate_scriptcommand allows the agent to execute arbitrary JavaScript within the browser context, which can be used to interact with or extract data from active web sessions.\n- [DATA_EXFILTRATION]: The skill provides tools for capturing snapshots and screenshots of web pages, creating a path for potentially sensitive information from the browser to be saved to the local filesystem or accessed by the agent.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from external websites.\n - Ingestion points: External data enters the agent context via page snapshots and navigation feedback.\n
- Boundary markers: No delimiters or safety instructions are used to distinguish between skill instructions and content retrieved from the web.\n
- Capability inventory: The skill has access to shell execution (
mcporter), JavaScript execution (evaluate_script), and file system writes.\n - Sanitization: There is no evidence of sanitization or filtering of the ingested web content before the agent processes it.
Audit Metadata