skills/inkeep/team-skills/browser/Gen Agent Trust Hub

browser

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's primary function is to execute arbitrary JavaScript code for browser automation. The run.js and scripts/connect-local.js files wrap agent-provided code strings into temporary files and execute them using Node.js require().
  • [DATA_EXFILTRATION]: The skill contains functions specifically designed to extract browser session state. In lib/local-browser.js, the extractAuthState function can capture cookies, localStorage, and IndexedDB data from the user's running Chrome browser. While intended for session persistence, these tools could be used to exfiltrate active login sessions.
  • [COMMAND_EXECUTION]: The skill manages a background daemon process (session-server.js) using child_process.spawn to maintain persistent browser sessions. It also uses execSync to perform process discovery (e.g., searching for running Chrome instances using pgrep or tasklist).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It is designed to navigate to external websites and extract content (such as ARIA trees and page text) to summarize for the agent. Maliciously crafted content on a third-party website could inject instructions into the agent's context.
  • [EXTERNAL_DOWNLOADS]: The runAccessibilityAudit function in lib/helpers.js dynamically fetches the axe-core library from the Cloudflare CDN (cdnjs.cloudflare.com) at runtime.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 8, 2026, 12:11 PM