reflex-browser
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
[EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION] [REMOTE_CODE_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [EXTERNAL_DOWNLOADS]: Configures the environment to fetch the @reflexautomation/reflex-cli package from a vendor-hosted registry at git.bqa-solutions.nl.
- [REMOTE_CODE_EXECUTION]: Provides functionality to download the Reflex agent backend and its runtime using reflex agent download and reflex agent runtime install.
- [COMMAND_EXECUTION]: Executes shell-based commands for session control and supports arbitrary Lua execution through reflex lua exec for advanced tasks.
- [PROMPT_INJECTION]: Ingests untrusted web data through summary, text, and html commands (SKILL.md). Boundary markers are provided by a structured JSON response envelope (references/protocol.md). The skill allows high-impact actions like reflex lua exec and reflex browser fill (SKILL.md), but lacks explicit documentation for sanitizing external inputs (sanitization absent).
Audit Metadata