Skills
skills/ruvnet/ruflo/browser-extract/Gen Agent Trust Hub

browser-extract

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx -y @claude-flow/cli@latest to download and execute a command-line tool for template storage and retrieval. This package is part of the Claude Flow ecosystem used by the skill.
  • [COMMAND_EXECUTION]: Utilizes Bash to manage session logic, execute template retrieval, perform string manipulation for PII redaction, and store extracted data.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external web pages, creating an indirect prompt injection surface.
  • Ingestion points: Untrusted data enters the context via mcp__claude-flow__browser_snapshot and mcp__claude-flow__browser_eval (SKILL.md).
  • Boundary markers: The skill does not define specific delimiters for the extracted content, but it mandates the use of a safety scanner.
  • Capability inventory: The skill has access to Bash for command execution and Write for file system operations.
  • Sanitization: Implements mcp__claude-flow__aidefence_is_safe and mcp__claude-flow__aidefence_has_pii to scan and redact malicious or sensitive content before it is returned to the model.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 09:11 PM
Security Audit — agent-trust-hub — browser-extract