browser-mcp-resource-guard
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like
psandpkillto monitor and terminate specific browser-related processes. These operations are restricted to patterns associated with browser automation tools (chrome-devtools-mcp,playwright) and are intended for resource management. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and displaying raw process information (PID, command strings) to the agent. Malicious software on the same system could theoretically name its processes with text designed to influence the agent's behavior.
- Ingestion points: Output of
ps -axoviascripts/browser_mcp_process_report.shor direct command execution inSKILL.md. - Boundary markers: Absent; the process report consists of unformatted rows of system data.
- Capability inventory: Process termination (
pkill) and general shell access as defined in the skill scope. - Sanitization: None; command strings from the process table are passed directly to the agent's context.
Audit Metadata