browser-auth-flow
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use browser automation tools and Bash to perform security audits. This usage is consistent with its stated purpose of probing authentication flows for vulnerabilities.
- [DATA_EXFILTRATION]: The skill captures sensitive session information such as cookies and OAuth tokens. However, it explicitly includes a quarantine process where data is stored within a local container and must pass through PII scanning tools (mcp__claude-flow__aidefence_scan) and safety gates before being processed by the model, preventing unauthorized exfiltration.
- [PROMPT_INJECTION]: As a tool that processes external website content, the skill is naturally exposed to an indirect prompt injection surface.
- Ingestion points: Data enters the agent context through browser snapshots, URL monitoring, and evaluation of DOM properties (document.cookie) from untrusted external login URLs.
- Boundary markers: The instructions do not define specific text delimiters for untrusted data, relying instead on the quarantine mechanism.
- Capability inventory: The skill has access to shell commands via Bash and file writing capabilities to record findings.
- Sanitization: The skill mitigates risks by requiring PII scanning (aidefence_scan) and redaction gates before returning any captured data to the model context.
Audit Metadata