consult-chatgpt-pro-browser
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Node REPL js tool to dynamically load and execute local JavaScript modules from computed paths (e.g., within the .codex plugin cache). This mechanism is used to initialize the browser runtime.
- [DATA_EXFILTRATION]: The skill transmits curated local data (code, diffs, errors) to chatgpt.com. While it requires user confirmation of the payload and destination, and mandates the removal of credentials, it establishes an external data channel.
- [PROMPT_INJECTION]: The skill ingests untrusted local data, presenting an indirect prompt injection surface. Ingestion points: local files, diffs, and logs. Boundary markers: template instructions to treat packet content as data, not commands. Capability inventory: browser-use for external submission and js tool for browser setup. Sanitization: exclusion of environment files, keys, and PII.