Agent Browser

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the agent-browser command-line utility via Bash to perform browser automation tasks such as navigation, clicking, and form filling.
  • [EXTERNAL_DOWNLOADS]: Installation instructions guide the user to download the agent-browser package from the NPM registry and the source code from Vercel Labs' official GitHub repository.
  • [REMOTE_CODE_EXECUTION]: The agent-browser eval command allows for the execution of arbitrary JavaScript code within the context of the currently loaded web page, which is a standard but high-privilege browser automation feature.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes unstructured data from external websites (via snapshot and get commands) which could contain malicious instructions designed to influence the agent's logic.
    • Ingestion points: Web content is ingested through the snapshot, get text, and get html commands.
    • Boundary markers: There are no specific boundary markers or delimiters defined in the skill to isolate untrusted web content from agent instructions.
    • Capability inventory: The CLI has significant capabilities including network access, file system writes (screenshots/PDFs/state files), and in-page JavaScript execution.
    • Sanitization: No explicit sanitization or filtering of the extracted web content is performed before returning it to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 10:15 PM