browser-automation
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from external websites. \n
- Ingestion points: The
browser_extractandbrowser_navigatetools (defined inSKILL.md) allow the agent to fetch and read content from any URL. \n - Boundary markers: There are no explicit delimiters or instructions to the agent to ignore potentially malicious instructions embedded within the scraped content. \n
- Capability inventory: The agent has access to powerful tools such as
BashandWriteas specified in theallowed-toolsfrontmatter. \n - Sanitization: No content validation or sanitization is mentioned for data retrieved from the browser. \n- [EXTERNAL_DOWNLOADS]: The skill setup involves running the
browser-usepackage viauvx, which is a standard procedure for using this browser automation tool.
Audit Metadata