agent-browser
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill installs the agent-browser package and downloads Chromium. As the source (Vercel) is a trusted organization, the installation risk is downgraded per trust rules.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses a broad set of CLI commands to control browser behavior, which grants the agent operational control over external browser processes.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
  1. Ingestion: It ingests content from arbitrary URLs via 'snapshot' and 'get' commands.
  2. Boundary markers: No delimiters or markers are used to separate web content from the agent's instructions.
  3. Capability inventory: The skill has 'write' capabilities, including 'click', 'fill', and 'check', which allow an attacker-controlled website to potentially trigger unintended actions.
  4. Sanitization: No sanitization or filtering of web content is performed before processing.
Recommendations
- AI detected serious security threats