browser
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a CLI tool named 'browse' to automate web browser interactions. It involves executing shell commands for navigation, page state inspection, and element interaction (clicking, typing, form filling).
- [EXTERNAL_DOWNLOADS]: The skill requires and provides instructions for the installation of the 'browse' package via the npm registry, which is a well-known service.
- [PROMPT_INJECTION]: The skill ingests untrusted data from external websites through data extraction commands, which constitutes an indirect prompt injection surface.
- Ingestion points: Web content is read into the agent context via 'browse snapshot', 'browse get text', and 'browse get html' (found in SKILL.md and REFERENCE.md).
- Boundary markers: The skill does not define specific delimiters or instructions for the agent to ignore potentially malicious commands embedded in the scraped web content.
- Capability inventory: The agent has significant capabilities including executing shell commands via the 'Bash' tool and performing interactive browser actions like 'browse click' and 'browse type' (found in SKILL.md).
- Sanitization: No sanitization or filtering mechanisms for the ingested web data are described in the instructions.
Audit Metadata