skills/oldwinter/skills/browser/Gen Agent Trust Hub

browser

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/start.cjs programmatically launches the Google Chrome browser using child_process.spawn with remote debugging enabled to allow automation.
  • [REMOTE_CODE_EXECUTION]: The script scripts/eval.cjs facilitates the execution of arbitrary JavaScript expressions in the browser's context via the Runtime.evaluate method of the Chrome DevTools Protocol.
  • [REMOTE_CODE_EXECUTION]: The script scripts/pick.cjs injects a custom JavaScript-based element picker into the active tab to retrieve element text and metadata.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it retrieves and processes content from external web pages. Ingestion points: scripts/eval.cjs and scripts/pick.cjs extract text and properties from the browser DOM. Boundary markers: The skill does not employ delimiters or specific instructions to separate untrusted page content from the agent's internal logic. Capability inventory: The skill can launch local processes (scripts/start.cjs), execute browser-side code (scripts/eval.cjs), and write image files to the temporary directory (scripts/screenshot.cjs). Sanitization: No sanitization or validation is applied to the data retrieved from external websites.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 12:30 AM
Security Audit — agent-trust-hub — browser