browsing

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses child_process.spawn to launch Chrome. It searches for the browser binary in standard platform paths or uses the path provided via the CHROME_WS_BROWSER environment variable.
  • [EXTERNAL_DOWNLOADS]: An automated scanner flagged the use of curl ... | node in a test script. Technical analysis of test-raw.sh confirms this is used solely to parse local JSON output from the Chrome DevTools endpoint and does not execute remote code.
  • [REMOTE_CODE_EXECUTION]: The skill provides an eval action that executes arbitrary JavaScript within the controlled browser session. This is a core functionality for browser automation tools and is restricted to the context of the loaded web pages.
  • [PROMPT_INJECTION]: The instructions in SKILL.md are descriptive and focus on tool usage. No attempts to override agent behavior, bypass safety filters, or extract system prompts were detected.
  • [DATA_EXFILTRATION]: While the skill can extract page content, cookies, and local storage, these actions are initiated by the agent's logic. No evidence of hardcoded exfiltration endpoints or unauthorized data harvesting was found.
  • [DATA_EXFILTRATION]: The skill acts as an ingestion point for untrusted web data. While this presents an indirect prompt injection surface common to all browsing tools, no malicious instructions targeting the agent are present in the skill itself.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 04:00 PM