agent-browser

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is highly susceptible to indirect prompt injection as it processes untrusted data from arbitrary URLs.
      • Ingestion points: snapshot, get text, get html, and console commands retrieve content from the web.
      • Boundary markers: The skill documentation does not define specific delimiters to separate web content from instructions.
      • Capability inventory: The agent-browser tool can write files (screenshot, pdf, state save), access network resources, read cookies, and execute JavaScript.
      • Sanitization: No sanitization mechanisms are described for the retrieved web data.
  • [Data Exposure & Exfiltration] (LOW): The skill provides direct access to sensitive browser data.
      • Evidence: agent-browser cookies and agent-browser storage commands can retrieve session tokens and local data. agent-browser state save allows writing this data to the local file system.
  • [Dynamic Execution] (LOW): The agent-browser eval command permits the execution of arbitrary JavaScript within the browser context.
      • Evidence: Use of eval allows for runtime code execution, which is an intended feature for complex web interactions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:33 PM