camoufox

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS] [DATA_EXFILTRATION] [PROMPT_INJECTION]

Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation guides the agent to use the camoufox-browser CLI to automate web interactions, which includes navigation, element interaction, and executing JavaScript within the browser context via the eval command.
  • [EXTERNAL_DOWNLOADS]: The open command allows the agent to fetch and process content from external web addresses as part of the tool's intended browsing functionality.
  • [DATA_EXFILTRATION]: The upload command is documented for use in automating web forms that require file attachments from local paths. While this allows data to be sent to external sites, it is a core feature of the described tool.
  • [PROMPT_INJECTION]: Browsing and inspecting external web pages using the snapshot command introduces a potential surface for indirect prompt injection from content hosted on those sites.
      (1) Ingestion points: External web content retrieved via the open and snapshot commands.
      (2) Boundary markers: Not specified in the skill instructions.
      (3) Capability inventory: Comprehensive browser control including navigation, form interaction, file uploads, and script execution.
      (4) Sanitization: No explicit sanitization of retrieved content is described.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 10, 2026, 06:55 PM