Agent Browser
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFENO_CODEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill contains no executable scripts or binary files, consisting solely of markdown instructions and metadata configuration.\n- [EXTERNAL_DOWNLOADS]: Provides instructions for the agent to download and install the
agent-browserutility from official npm registries and trusted GitHub repositories.\n- [COMMAND_EXECUTION]: Enables the agent to perform web automation by executing CLI commands for browsing, capturing snapshots, and interacting with page elements.\n- [REMOTE_CODE_EXECUTION]: Includes anevalcommand that allows the execution of arbitrary JavaScript within the target website's browser context, which is a standard feature for automation workflows.\n- [PROMPT_INJECTION]: As a browser-based agent, it is exposed to indirect prompt injection where content from visited websites could attempt to influence the agent's behavior.\n - Ingestion points: External website content retrieved via
snapshot,get, andfindcommands.\n - Boundary markers: The skill documentation does not define specific delimiters for separating web content from agent instructions.\n
- Capability inventory: Extensive interaction capabilities including form filling, JavaScript execution, and file uploads.\n
- Sanitization: Relies on standard browser environment isolation; no specific content sanitization is described before data is returned to the agent.
Audit Metadata