Lightpanda

Pass

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/install.sh script downloads platform-specific Lightpanda binaries from the author's official GitHub repository (lightpanda-io/browser). The installer implements a security check by fetching and verifying the SHA256 checksum of the binary via the GitHub API before granting execution permissions.
  • [COMMAND_EXECUTION]: The skill executes the lightpanda binary to support its primary functions, including acting as an MCP (Model Context Protocol) server, performing CLI-based web fetches, and running a CDP (Chrome DevTools Protocol) server for automation.
  • [REMOTE_CODE_EXECUTION]: The skill provides an evaluate tool and custom CDP methods that allow the agent to execute JavaScript code within the browser's page context. This is expected functionality for a web automation and scraping tool.
  • [INDIRECT_PROMPT_INJECTION]: The skill provides an interface to ingest and process content from arbitrary external URLs, creating a surface for indirect instructions to reach the agent.
  • Ingestion points: Tools such as goto, markdown, and fetch (documented in SKILL.md) ingest raw and processed data from web pages.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation or tool descriptions.
  • Capability inventory: The skill enables JavaScript execution (evaluate), form interaction (fill), and element clicking (click).
  • Sanitization: The skill returns page content (HTML/Markdown) to the agent without explicit sanitization or filtering of potential injection patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
May 30, 2026, 04:09 PM
Security Audit — agent-trust-hub — Lightpanda