Skills
skills/phuetz/code-buddy/puppeteer/Gen Agent Trust Hub

puppeteer

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed for web scraping and automation, which inherently exposes the agent to indirect prompt injection. Instructions or malicious content embedded in the websites being visited could potentially influence the agent's behavior.
  • Ingestion points: page.goto(url) and page.evaluate() interact with external web content in SKILL.md.
  • Capability inventory: The skill utilizes file system writing (fs.writeFile) and full browser automation capabilities.
  • Sanitization: No explicit sanitization or boundary marking for scraped content is demonstrated in the examples.
  • [EXTERNAL_DOWNLOADS]: The documentation references the installation of the well-known puppeteer and puppeteer-core packages. It also mentions integration with MCP servers, including the official @anthropics/puppeteer-mcp and a third-party server @nicholasoxford/puppeteer-mcp.
  • [COMMAND_EXECUTION]: Provides examples of launching browser processes with specific arguments like --no-sandbox and --disable-setuid-sandbox, which reduce the browser's security boundaries to allow operation in restricted environments.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 07:13 AM