agent-browser
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to install the
agent-browserpackage globally viabun install -g. This package is hosted on public registries and does not originate from a recognized trusted vendor list. - [COMMAND_EXECUTION]: The CLI tool supports an
--executable-pathparameter. This flag allows the agent to define and execute any local binary on the host system, which could be exploited to run unauthorized software if the agent's input is manipulated. - [EXTERNAL_DOWNLOADS]: The
agent-browser installcommand downloads and configures the Chromium browser from external sources. This automated download of executable binaries requires trust in the package's maintainers. - [DATA_EXFILTRATION]: The tool possesses high-privilege capabilities for data extraction, including
screenshot,pdf, andget html. If an agent is navigated to a sensitive internal or authenticated site, these features could be used to capture and exfiltrate private data. - [PROMPT_INJECTION]: By design, the skill reads and parses content from arbitrary web pages (e.g., via
snapshotorget text). This creates a significant surface for indirect prompt injection, where an attacker can embed malicious instructions in a website to take control of the agent processing that page.
Audit Metadata