Agent Browser
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill installs the 'agent-browser' package from npm and references the 'vercel-labs' GitHub organization. Both are recognized as trusted sources under the security policy, which reduces risks related to dependency integrity.\n- COMMAND_EXECUTION (LOW): Provides the 'eval' command to execute arbitrary JavaScript within the browser context. While a standard feature for automation, it could be leveraged by an agent to run code on a webpage. Severity is lowered as this is a core intended functionality.\n- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection. It ingests untrusted data from web pages and has powerful capabilities like 'eval' and 'fill'. 1. Ingestion: 'snapshot' and 'get text' commands read external web content. 2. Boundary markers: Absent. 3. Capability inventory: 'eval', 'click', 'fill', 'upload', 'cookies'. 4. Sanitization: Absent; the agent receives raw data from external sources.
Audit Metadata