web-access
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts (check-deps.sh, ensure-browser.sh, close-browser.sh) to manage the browser environment, detect dependencies, and handle cross-platform process termination.
- [EXTERNAL_DOWNLOADS]: The documentation identifies the 'agent-browser' Node.js package as a necessary dependency and provides installation instructions for the user.
- [REMOTE_CODE_EXECUTION]: A Python script is executed via a bash heredoc in 'close-browser.sh' to perform a manual WebSocket handshake with the Chrome DevTools Protocol for a graceful browser shutdown.
- [PROMPT_INJECTION]: As a web-browsing skill, it handles untrusted data from external URLs, which is a known surface for indirect prompt injection. 1. Ingestion points: Web content retrieved via WebFetch and agent-browser. 2. Boundary markers: No explicit technical delimiters are used for the fetched data. 3. Capability inventory: Shell script execution and persistent browser state management. 4. Sanitization: No specific sanitization of external content is documented.
Audit Metadata