agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: Analyzed the surface for indirect prompt injection via web content.
- Ingestion points: The skill ingests untrusted data from web pages via the
agent-browser snapshot -icommand (referenced in SKILL.md and references/snapshot-refs.md). - Boundary markers: Present. The documentation explicitly recommends the use of
AGENT_BROWSER_CONTENT_BOUNDARIES=1to delimit web content and reduce injection risks. - Capability inventory: The skill has access to tools like
BashandWrite(SKILL.md), and can perform browser-level actions likeclick,fill, andeval(references/commands.md). - Sanitization: Present. Security hardening options include
AGENT_BROWSER_ALLOWED_DOMAINSfor network restrictions andAGENT_BROWSER_ACTION_POLICYfor fine-grained action control. - [COMMAND_EXECUTION]: The skill facilitates browser automation through a dedicated CLI and supports executing JavaScript within the browser context using
eval --stdin. These features are fundamental to the skill's primary purpose and are accompanied by documented security guardrails.
Audit Metadata