Skills
skills/lekt9/unbrowse-openclaw/unbrowse-browser/Gen Agent Trust Hub

unbrowse-browser

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from arbitrary web URLs.
  • Ingestion points: Untrusted content enters the context via the 'resolve' action which targets external URLs.
  • Boundary markers: There are no instructions for the agent to use delimiters or ignore embedded directives when processing website content.
  • Capability inventory: The skill can execute marketplace logic, perform authenticated 'login' actions, and run API-backed paths.
  • Sanitization: No sanitization or validation of the retrieved web content is specified.
  • [REMOTE_CODE_EXECUTION]: The skill provides an interface for searching and running external logic from a remote source.
  • Evidence: The 'search' and 'execute' actions allow the agent to find and run 'skillId' and 'endpointId' components from the shared Unbrowse marketplace. This enables the dynamic loading of automation logic defined outside the immediate skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 06:31 PM