functions

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @browserbasehq/sdk-functions and playwright-core packages via the npm registry, which are the official libraries for the service.
  • [COMMAND_EXECUTION]: It utilizes the official browse CLI for project lifecycle management, including initialization, local server execution, and publishing scripts to the cloud environment.
  • [DATA_EXFILTRATION]: Performs network communication with api.browserbase.com for function invocation and polling, which is the expected and legitimate endpoint for this service.
  • [PROMPT_INJECTION]: The skill includes surfaces for indirect prompt injection (Category 8) due to processing external data:
    • Ingestion points: Parameters like params.url and params.selector are passed directly from user input or external calls to the automation script in SKILL.md and REFERENCE.md.
    • Boundary markers: No explicit boundary markers or 'ignore' instructions are used in the provided templates.
    • Capability inventory: The skill possesses full browser control, including navigation, script execution, and data extraction via Playwright.
    • Sanitization: No input validation or sanitization is demonstrated in the examples.
  • [SAFE]: The skill correctly instructs users to manage sensitive credentials like BROWSERBASE_API_KEY through shell environment variables and .env files, avoiding the risk of hardcoded secrets.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 02:59 AM