web-browser

Warn

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: scripts/start.js contains logic to copy the active user's Chrome profile directory, including cookies and login databases, to a local cache directory for reuse by the agent.
  • [COMMAND_EXECUTION]: scripts/watch.js implements continuous logging of network requests, responses, and console output, storing this data locally, which could include sensitive session-related information.
  • [REMOTE_CODE_EXECUTION]: scripts/eval.js and other scripts use the Chrome DevTools Protocol to execute arbitrary JavaScript code within the browser targets.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external web content.
    • Ingestion points: Web pages navigated to via scripts/nav.js and monitored activity in scripts/watch.js.
    • Boundary markers: None implemented.
    • Capability inventory: Arbitrary JS execution (scripts/eval.js), element interaction (scripts/pick.js), and screenshotting (scripts/screenshot.js).
    • Sanitization: None performed.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 24, 2026, 12:53 PM