cloakbrowser
Fail
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The `install.sh` script fetches and executes the `uv` installation script directly from a remote source using a shell pipe.
- [EXTERNAL_DOWNLOADS]: During setup, the skill downloads a large, patched Chromium binary from an external repository to enable its stealth browsing features.
- [COMMAND_EXECUTION]: The `install.sh` script utilizes `sudo` to install a Python execution wrapper in the `/usr/local/bin/` directory, which involves modifying system-level directories.
- [COMMAND_EXECUTION]: The skill provides explicit instructions for the agent to generate and run arbitrary Python scripts for multi-step automation, which involves executing dynamically created code on the host machine.
- [COMMAND_EXECUTION]: The `scripts/eval-js.py` utility enables the execution of arbitrary JavaScript expressions within the context of the automated browser.
- [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection risks by ingesting raw content from third-party websites without defined safety boundaries.
  - Ingestion points: Untrusted content is retrieved via `scripts/fetch.py`, `scripts/screenshot.py`, and `scripts/pdf.py`.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in `SKILL.md`.
  - Capability inventory: The skill has the ability to write to system paths (`install.sh`), execute arbitrary scripts (`eval-js.py`, Inline Python), and run background network services (`scripts/serve.sh`).
  - Sanitization: There is no evidence of filtering or sanitizing the data ingested from external pages before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata