skills/ruvnet/ruflo/browser-test/Gen Agent Trust Hub

browser-test

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill processes data from external websites, creating an attack surface for indirect prompt injection if an agent navigates to a malicious URL.
      • Ingestion points: External content enters the agent context through the browser automation tools described in SKILL.md (e.g., mcp__claude-flow__browser_open).
      • Boundary markers: There are no instructions or delimiters in the prompt to separate retrieved web data from the agent's internal instructions.
      • Capability inventory: The skill's environment includes tools for complete browser control, JavaScript execution (browser_eval), and a shell interface.
      • Sanitization: The skill does not implement validation or escaping for the content retrieved from external pages.
  • [COMMAND_EXECUTION]: The skill's workflow includes the use of mcp__claude-flow__browser_eval for executing custom JavaScript assertions within the browser context, which is a form of dynamic code execution intended for UI validation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 17, 2026, 06:51 PM