Skills
skills/emdash-cms/emdash/agent-browser/Gen Agent Trust Hub

agent-browser

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a CLI tool agent-browser to perform automation. It includes a command agent-browser eval which allows for the execution of arbitrary JavaScript within the browser context. This is a standard feature for browser testing but requires the agent to handle inputs to this command with care.
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection by ingesting untrusted data from the web.
  • Ingestion points: The agent retrieves data from web pages using snapshot, console, and get text commands (SKILL.md).
  • Boundary markers: Absent. No delimiters or instructions are provided to the agent to distinguish between its own instructions and content found on web pages.
  • Capability inventory: The skill possesses powerful capabilities including the ability to open new URLs, fill input fields, click elements, and eval JavaScript (SKILL.md).
  • Sanitization: Absent. Content retrieved from external websites is provided to the agent without filtering or sanitization.
  • [COMMAND_EXECUTION]: The skill documentation includes examples using a vendor-specific development bypass URL (http://localhost:4321/_emdash/api/setup/dev-bypass). This is documented as a mechanism for form verification and matches the author's infrastructure (emdash-cms).
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 01:13 AM