agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
agent-browserCLI tool for navigation, interaction, and state management. This is the primary method of operation for the skill. - [EXTERNAL_DOWNLOADS]: The skill references and directs users to install the
agent-browserutility from Vercel Labs' official GitHub repository (vercel-labs/agent-browser). - [PROMPT_INJECTION]: The skill manages an indirect prompt injection surface inherent to browser automation, where malicious instructions could be embedded in external web pages.
- Ingestion points: Untrusted data enters the agent context via
snapshot,screenshot, andgetcommands that read content from live websites. - Boundary markers: The documentation explicitly encourages the use of
AGENT_BROWSER_CONTENT_BOUNDARIESto wrap external content with markers, helping the agent distinguish between data and instructions. - Capability inventory: The skill possesses capabilities to execute bash commands, write files, and run arbitrary JavaScript within the browser context using
eval. - Sanitization: The skill provides hardening options, including domain allowlisting and an
AGENT_BROWSER_ACTION_POLICYto restrict high-risk operations likeeval,download, andnetworkaccess.
Audit Metadata