debug-browser-session

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes kernel browsers process exec to run shell commands inside the remote session VM, providing broad control for diagnostic purposes.
  • [DATA_EXFILTRATION]: Enables access to sensitive session data, including retrieving browser cookies via Playwright (page.context().cookies()) and reading arbitrary log or configuration files from the VM file system.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and acting upon untrusted data from the VM environment.
  • Ingestion points: VM log files, webpage titles, and outputs from commands executed within the session.
  • Boundary markers: None provided in the instruction set to separate diagnostic data from agent instructions.
  • Capability inventory: Extensive capabilities including shell command execution (process exec) and arbitrary JavaScript execution (playwright execute) inside the browser VM.
  • Sanitization: No validation or sanitization of data retrieved from the VM environment is documented.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 06:08 AM
Security Audit — agent-trust-hub — debug-browser-session