Agent Browser
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The GitHub URL points to a transparent code repo under a recognizable org (lower risk) but any npm/git install can run arbitrary install scripts so should be reviewed; star-swap.com is an unverified third‑party site and the skill’s instructions to connect an agent to your real Chrome profile (remote debugging/session reuse) is high‑risk because it can expose active credentials and session data—together this is a moderate-to-high risk setup.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly lets the agent open and scrape arbitrary public web pages (e.g., "agent-browser open ") and inspect their contents via snapshot/get text or --json, so the agent will ingest untrusted third‑party website content that could carry indirect prompt injections.
Audit Metadata