browser-automation
Warn
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `navigate` and `interact` commands include an `--eval` parameter that allows for the execution of arbitrary JavaScript within the browser context. This provides a mechanism for dynamic code execution that could be exploited to perform actions on websites or access browser-level data.
- [DATA_EXFILTRATION]: The skill's commands support a `--user-data` flag which permits specifying the filesystem path for Chrome profiles. This enables the agent to access and utilize existing browser sessions, potentially exposing sensitive information such as cookies, login tokens, and browsing history stored in those directories.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from untrusted external websites.
  - Ingestion points: Data is ingested through the `extract` command (markdown/text/HTML output) and the `navigate`/`interact` commands (via JavaScript evaluation of page content).
  - Boundary markers: The instructions do not define any delimiters or system instructions to distinguish between the skill's operational commands and the data retrieved from external URLs.
  - Capability inventory: The skill possesses significant capabilities including network navigation, file system writes (via `screenshot`, `pdf`, and `record` commands), and arbitrary JavaScript execution (`--eval`).
  - Sanitization: There is no evidence of sanitization or filtering of the content extracted from web pages before it is returned to the agent's context.
Audit Metadata