steel-browser
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard implementation for browser automation via the Steel CLI. All commands and documentation are consistent with legitimate web-driven workflows.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection because it processes untrusted content from external websites.
- Ingestion points: Web content is ingested through the
steel scrapeandsteel browser snapshotcommands as described inSKILL.md. - Boundary markers: The instructions do not define specific delimiters or "ignore previous instructions" guards for the data retrieved from the web.
- Capability inventory: The agent can navigate, interact with web elements, and execute JavaScript in the browser context via the
steeltool (detailed inreferences/steel-browser-commands.md). - Sanitization: No explicit sanitization or filtering of external web data is provided in the skill instructions.
Audit Metadata