Skills
skills/bout3fiddy/agents/agent-browser/Gen Agent Trust Hub

agent-browser

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [Data Exposure & Exfiltration] (MEDIUM): The skill provides tools to extract sensitive session data.
  • Evidence: Commands agent-browser cookies, agent-browser storage local, and agent-browser state save allow for the extraction and local persistence of authentication tokens and session secrets.
  • Evidence: The agent-browser upload command allows the agent to read files from the local filesystem and transmit them to external web servers.
  • [Dynamic Execution] (MEDIUM): The skill permits arbitrary code execution within the browser context.
  • Evidence: The agent-browser eval command enables the execution of arbitrary JavaScript, which can be used to manipulate page logic or exfiltrate data not accessible via the standard DOM.
  • [Indirect Prompt Injection] (LOW): High vulnerability to instructions embedded in web content.
  • Ingestion points: agent-browser snapshot, agent-browser get text, and agent-browser console (File: SKILL.md).
  • Boundary markers: Absent. The skill does not provide delimiters or instructions to treat scraped content as untrusted data.
  • Capability inventory: High risk combination of file system access (upload, state save), credential access (cookies), and dynamic execution (eval).
  • Sanitization: Absent. External web content is passed directly back to the agent's context.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:27 PM