Skills
skills/eze-is/web-access-skill/web-access/Gen Agent Trust Hub

web-access

Warn

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses highly sensitive local data by reading Chrome's internal database files. The script scripts/find-url.mjs identifies and reads from the History and Bookmarks files within the Chrome User Data directory (e.g., ~/Library/Application Support/Google/Chrome/) across macOS, Linux, and Windows. It copies the History SQLite database to a temporary directory to perform queries, exposing the user's full browsing history and bookmarked URLs to the agent.
  • [COMMAND_EXECUTION]: Several scripts execute system-level commands. scripts/find-url.mjs uses execFileSync to run the sqlite3 command-line tool for querying the browser's history database. scripts/check-deps.mjs uses spawn to manage the lifecycle of the cdp-proxy.mjs background process.
  • [REMOTE_CODE_EXECUTION]: The scripts/cdp-proxy.mjs script implements an /eval endpoint that accepts arbitrary JavaScript code via HTTP POST and executes it within the context of the user's active browser tabs using the Chrome DevTools Protocol (CDP). This allows the agent to execute any script in the browser, including scripts that interact with authenticated sessions.
  • [EXTERNAL_DOWNLOADS]: The skill integrates with external services and package managers. It uses Jina Reader (r.jina.ai) to process web content and recommends installation via npx skills, which is a well-known service from Vercel Labs. It also suggests downloading the ws module if the Node.js version is below 22.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 6, 2026, 03:25 PM
Security Audit — agent-trust-hub — web-access