Skills
skills/ruvnet/claude-flow/browser-replay/Gen Agent Trust Hub

browser-replay

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and execute the ruvector and @claude-flow/cli packages. These are vendor-owned and platform-specific tools required for session management and selector recovery.
  • [COMMAND_EXECUTION]: Shell commands are used to interact with the ruvector CLI and @claude-flow/cli. These commands handle session status checks and embedding-based memory searches for selector recovery.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and replaying data from external trajectory.ndjson files.
  • Ingestion points: The skill reads trajectory data from .../trajectory.ndjson in Step 2.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the trajectory data are defined.
  • Capability inventory: The skill dispatches a wide range of browser interaction tools, including mcp__claude-flow__browser_eval, which executes arbitrary JavaScript in the browser context based on the file content.
  • Sanitization: There is no evidence of validation or sanitization of the actions or arguments stored within the trajectory file before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 01:22 PM
Security Audit — agent-trust-hub — browser-replay