skills/garrytan/gstack/browse/Gen Agent Trust Hub

browse

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the Bun runtime installer from https://bun.sh/install, which is a well-known service for JavaScript development. The installation script is verified against a hardcoded SHA256 checksum (bab8acfb046aac8c72407bdcce903957665d655d7acaa3e11c7c4616beae68dd) before being executed via the shell, preventing tampered scripts from running.
  • [COMMAND_EXECUTION]: During its preamble, the skill executes several internal helper scripts (e.g., gstack-slug, gstack-config, gstack-repo-mode) shipped within its own directory to manage configuration and project state. These operations are local and part of the skill's core functionality.
  • [DATA_EXFILTRATION]: Includes features to import cookies from local browser profiles (cookie-import-browser) to facilitate testing authenticated user flows. To prevent accidental leakage, the skill implements automatic redaction for sensitive fields in request headers, cookies, and web storage data before they are surfaced in logs or agent responses.
  • [PROMPT_INJECTION]: Employs a robust multi-layered defense-in-depth strategy against indirect prompt injection from malicious websites:
      • Ingestion points: Untrusted data is ingested from the browser via commands in src/read-commands.ts such as text, html, and snapshot.
      • Boundary markers: All untrusted external content is wrapped in clear --- BEGIN UNTRUSTED EXTERNAL CONTENT --- delimiters.
      • Capability inventory: The skill allows the agent to interact with pages using locators and write operations defined in src/write-commands.ts.
      • Sanitization: Implements an advanced sanitization pipeline (Layers 1-4) that includes text watermarking (datamarking), detection of hidden/deceptive DOM elements, ARIA label injection scanning, a URL blocklist for known exfiltration endpoints, and an ensemble of ML-based classifiers to detect adversarial instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 05:21 PM