browser
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/start.cjsprogrammatically launches the Google Chrome browser usingchild_process.spawnwith remote debugging enabled to allow automation. - [REMOTE_CODE_EXECUTION]: The script
scripts/eval.cjsfacilitates the execution of arbitrary JavaScript expressions in the browser's context via theRuntime.evaluatemethod of the Chrome DevTools Protocol. - [REMOTE_CODE_EXECUTION]: The script
scripts/pick.cjsinjects a custom JavaScript-based element picker into the active tab to retrieve element text and metadata. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it retrieves and processes content from external web pages. Ingestion points:
scripts/eval.cjsandscripts/pick.cjsextract text and properties from the browser DOM. Boundary markers: The skill does not employ delimiters or specific instructions to separate untrusted page content from the agent's internal logic. Capability inventory: The skill can launch local processes (scripts/start.cjs), execute browser-side code (scripts/eval.cjs), and write image files to the temporary directory (scripts/screenshot.cjs). Sanitization: No sanitization or validation is applied to the data retrieved from external websites.
Audit Metadata