agent-browser
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's primary function is to capture and process data from external URLs, creating a surface for indirect prompt injection. * Ingestion points: Website content is captured via agent-browser get text, get title, and snapshot in templates/capture-workflow.sh. * Boundary markers: Absent. The templates do not include delimiters or instructions to isolate scraped content from the agent's control logic. * Capability inventory: The skill has broad browser interaction capabilities including click, fill, and state management in templates/authenticated-session.sh and form-automation.sh. * Sanitization: Absent. No evidence of content filtering or validation before the agent handles the scraped data.
Audit Metadata