Skills
skills/oneshot-agent/agent-skills/oneshot-browser/Gen Agent Trust Hub

oneshot-browser

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the @oneshot-agent/sdk Node.js package. This is a vendor-owned resource associated with the skill author and is used to provide the core browser automation functionality.
  • [COMMAND_EXECUTION]: The skill enables the agent to execute autonomous browser tasks through the agent.browser() function. This allows for complex interactions including website navigation, form submission, and data extraction.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing external web data.
  • Ingestion points: Data enters the agent's context from any website visited via the agent.browser command.
  • Boundary markers: The skill does not define specific delimiters or instructions to the agent to disregard commands embedded within the external HTML or text it processes.
  • Capability inventory: The agent has the ability to navigate domains, fill forms, and utilize persistent profiles (cookies/localStorage), which could be abused if the agent is manipulated by malicious content on a webpage.
  • Sanitization: No automated sanitization or filtering of the external website content is mentioned before it is parsed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:25 PM
Security Audit — agent-trust-hub — oneshot-browser