agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: References and utilizes the agent-browser CLI tool, which is sourced from Vercel Labs (a trusted organization).
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it is designed to ingest and process data from arbitrary external websites.
  - Ingestion points: Web page content is brought into the agent's context via the `open` and `snapshot` commands.
  - Boundary markers: The documentation explicitly mentions the `AGENT_BROWSER_CONTENT_BOUNDARIES` environment variable to help delimit external content.
  - Capability inventory: The skill utilizes `Bash` and provides a browser-side `eval` capability for JavaScript execution.
  - Sanitization: Hardening guidelines recommend using `AGENT_BROWSER_ALLOWED_DOMAINS` and `AGENT_BROWSER_ACTION_POLICY` to restrict the agent's reach and capabilities.
- [COMMAND_EXECUTION]: Executes automation tasks through a CLI. Includes an `eval` command that allows dynamic JavaScript execution within the headless browser environment.
- [CREDENTIALS_UNSAFE]: Documentation provides best practices for authentication, favoring environment variables and session state files over hardcoded secrets.
Audit Metadata