agent-browser
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill templates for web scraping and form automation establish a surface for indirect prompt injection, where malicious instructions embedded in untrusted web data could influence the agent's behavior.
- Ingestion points: Web content is extracted in 'templates/capture-workflow.sh' using 'agent-browser get text body' and 'agent-browser snapshot'.
- Boundary markers: Absent; the templates do not implement delimiters or specific instructions to isolate scraped content from the agent's internal command context.
- Capability inventory: The skill provides full access to the 'agent-browser' tool, which is capable of network navigation, interaction, and data extraction across multiple scripts.
- Sanitization: No sanitization or validation of the captured web content is performed within the provided templates.
Audit Metadata