Skills
skills/mic92/mics-skills/browser-cli/Gen Agent Trust Hub

browser-cli

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a custom CLI tool, browser-cli, to execute arbitrary JavaScript code and browser interaction commands within a Firefox environment.
  • [DATA_EXFILTRATION]: The skill contains functions that write data to the local filesystem. Specifically, the download() function saves files to the ~/Downloads/ directory, and the shot() function allows saving screenshots to arbitrary paths provided by the user or agent, such as /tmp/page.png.
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by retrieving untrusted content from the web and presenting it to the agent.
  • Ingestion points: The read(), snap(), and logs() functions extract text, HTML structure, and console output from external websites into the agent's context (SKILL.md).
  • Boundary markers: The skill does not define specific delimiters or warnings to help the agent distinguish between legitimate page content and malicious instructions embedded in web data.
  • Capability inventory: The tool possesses capabilities including navigation (tab), element interaction (click, type), file downloads (download), and filesystem writes (shot) across all scripts (SKILL.md).
  • Sanitization: There is no evidence of sanitization or filtering of the ingested web content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 12:48 AM
Security Audit — agent-trust-hub — browser-cli