browserless
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like `curl` and `jq` to interact with the Browserless API. These are used for standard operations such as sending JSON requests, executing remote scripts on the service provider's infrastructure, and parsing the resulting data.
- [EXTERNAL_DOWNLOADS]: The skill connects to `production-sfo.browserless.io` and `production-lon.browserless.io` to perform browser automation tasks. These are the official endpoints for the Browserless service. It also references official documentation and account management pages at `browserless.io`.
- [DATA_EXFILTRATION]: While the skill sends an API token (`BROWSERLESS_TOKEN`) and request data to a remote server, this is done specifically to facilitate the requested browser automation service via its official API. The token is handled via environment variables, following security best practices for secret management.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to fetch and process content from external websites (scraping, screenshots, PDFs). This introduces a surface where untrusted data from the internet enters the agent's context.
  - Ingestion points: Scraped HTML content, CSS selector results, and rendered page data fetched from user-provided URLs in `SKILL.md`.
  - Boundary markers: None explicitly defined in the provided examples; the skill relies on the service's API response structure.
  - Capability inventory: The skill uses `curl` for network requests and `jq` for data processing.
  - Sanitization: There is no explicit sanitization or filtering of the fetched web content before it is returned to the agent's context.
Audit Metadata