agent-browser
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The
evalcommand allows the execution of arbitrary JavaScript code within the controlled browser context. - [DATA_EXFILTRATION]: The skill includes commands to access sensitive browser data such as cookies (
agent-browser cookies) and local storage (agent-browser storage local), and supports saving the full session authentication state to local files (agent-browser state save auth.json). - [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
agent-browserpackage and its associated browser engine from Vercel Labs, which is a trusted organization. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external websites. * Ingestion points: Web page content, accessibility trees, and console logs accessed via the
openandsnapshotcommands (SKILL.md). * Boundary markers: Absent; there are no instructions for the agent to distinguish between its own logic and content retrieved from the web. * Capability inventory: Navigation, file system writes for screenshots and session states, and JavaScript execution (SKILL.md). * Sanitization: Absent; the skill does not include steps to sanitize or validate content extracted from web pages.
Audit Metadata