browse-ai
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the vendor's own command-line interface, `@membranehq/cli`, to manage authentication and execute actions. This is consistent with the stated purpose of the skill and the author's identity.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to ingest and process unstructured data from external websites via Browse AI.
  - Ingestion points: Data is received into the agent context through `membrane action run` and `membrane request` commands, particularly when retrieving results from scraping tasks.
  - Boundary markers: The instructions do not define specific delimiters or instructions to the agent to ignore embedded commands in the scraped content.
  - Capability inventory: The skill allows the agent to execute shell commands via the `membrane` CLI and make network requests through the Membrane proxy.
  - Sanitization: There is no explicit evidence of content sanitization or filtering mentioned in the SKILL.md documentation.
Audit Metadata