lightpanda-browser
Fail
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends installing software by piping a remote shell script from an unverified GitHub repository (https://github.com/nichochar/install-lightpanda/raw/main/install.sh) directly to the shell:
curl -fsSL ... | bash. This practice allows for arbitrary code execution from a third-party source without verification. Found in SKILL.md and references/lightpanda-setup.md.\n- [EXTERNAL_DOWNLOADS]: The skill instructions in SKILL.md and references/lightpanda-setup.md involve cloning source code from an external repository (https://github.com/lightpanda-io/browser.git) for manual builds.\n- [COMMAND_EXECUTION]: The setup documentation in references/lightpanda-setup.md provides instructions for configuring system-level services which require the use ofsudofor administrative access on Linux systems.\n- [COMMAND_EXECUTION]: Instructions are provided in references/lightpanda-setup.md to establish persistence on macOS (via launchd) and Linux (via systemd), allowing the browser daemon to persist across sessions.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. 1. Ingestion points:open,get text,get htmlcommands (File: SKILL.md, references/commands.md). 2. Boundary markers: Absent. 3. Capability inventory:eval,fill,click, and command-line browser control (File: SKILL.md, references/commands.md). 4. Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://github.com/nichochar/install-lightpanda/raw/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata