browser-extract
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the @claude-flow/cli package from the official NPM registry for template retrieval and storage tasks.
- [REMOTE_CODE_EXECUTION]: Executes external code from the @claude-flow/cli package at runtime via npx to perform memory operations.
- [COMMAND_EXECUTION]: Uses Bash for string manipulation, PII redaction logic, and coordinating tool outputs within the extraction workflow.
- [PROMPT_INJECTION]: The skill processes content from arbitrary external websites, creating a surface for indirect prompt injection attacks.
  - Ingestion points: External data is ingested from web pages using browser tools in SKILL.md.
  - Boundary markers: No explicit instruction-delimiters are used to wrap extracted content, although external safety scanning is mandated.
  - Capability inventory: The skill possesses Bash, Write, and Read capabilities, which could be leveraged if malicious instructions are followed.
  - Sanitization: Implements mcp__claude-flow__aidefence_is_safe to scan extracted strings for injection attempts prior to model interaction.
Audit Metadata