agent-browser
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install an external package 'agent-browser' globally via NPM and download browser dependencies (Chromium) using the CLI. This is a required step for the skill's functionality.
- [COMMAND_EXECUTION]: The 'scripts/browser_test.py' file uses 'subprocess.run' to execute CLI commands. This is the primary mechanism for the Python wrapper to interact with the browser automation tool.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection.
- Ingestion points: Content is ingested from external websites via the 'snapshot' and 'get text' commands implemented in 'scripts/browser_test.py' and documented in 'references/commands.md'.
- Boundary markers: The skill does not use specific delimiters or instructions to prevent the agent from obeying commands embedded in the retrieved web content.
- Capability inventory: The skill possesses significant capabilities including browser navigation ('open_url'), element interaction ('click', 'fill'), file system writing ('screenshot'), and arbitrary JavaScript execution ('eval').
- Sanitization: No sanitization or filtering of the content retrieved from external URLs is performed before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill provides an 'eval' command (seen in 'references/commands.md' and 'scripts/browser_test.py') that allows for the execution of arbitrary JavaScript within the browser's context, which is a powerful dynamic execution feature.
Audit Metadata