exploring-browser
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill incorporates a security-conscious workflow by mandating the use of
AskUserQuestionto obtain user consent before proceeding with code generation or modifications based on recorded browser sequences. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill includes functionality for capturing and managing sensitive session data, such as cookies and localStorage (
browser_get_cookies,browser_export_session). These tools are used appropriately for the stated purpose of maintaining authentication in automated workflows. - [DYNAMIC_EXECUTION]: JavaScript execution is supported through
RunScriptnodes to facilitate DOM manipulation and data extraction. This is standard functionality for browser automation tools and is documented with clear guidance for the agent. - [INDIRECT_PROMPT_INJECTION]: The skill interacts with external web content, creating a potential surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context through
browser_navigateandbrowser_snapshotoperations. - Boundary markers: No specific delimiters or warnings for the agent to ignore instructions within web content are provided in the skill instructions.
- Capability inventory: The skill provides access to browser actions, network monitoring, and local file writing for session persistence.
- Sanitization: The skill does not define specific sanitization or filtering protocols for data ingested from the browser before it is processed by the agent.
Audit Metadata