browser-mcp-resource-guard

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands like ps and pkill to monitor and terminate specific browser-related processes. These operations are restricted to patterns associated with browser automation tools (chrome-devtools-mcp, playwright) and are intended for resource management.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and displaying raw process information (PID, command strings) to the agent. Malicious software on the same system could theoretically name its processes with text designed to influence the agent's behavior.
  • Ingestion points: Output of ps -axo via scripts/browser_mcp_process_report.sh or direct command execution in SKILL.md.
  • Boundary markers: Absent; the process report consists of unformatted rows of system data.
  • Capability inventory: Process termination (pkill) and general shell access as defined in the skill scope.
  • Sanitization: None; command strings from the process table are passed directly to the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 07:31 AM
Security Audit — agent-trust-hub — browser-mcp-resource-guard