agent-browser
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The 'eval' command allows execution of arbitrary JavaScript in the browser context, which can be used to extract data or manipulate pages.
- [Obfuscation] (MEDIUM): Documentation promotes using Base64 encoding for JavaScript payloads to bypass shell escaping, which also serves to obfuscate code.
- [Data Exposure & Exfiltration] (MEDIUM): The skill supports local file access via the '--allow-file-access' flag and 'file://' protocol, risking exposure of sensitive system files.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted content from websites through 'snapshot' and 'get text' commands, creating a surface for instructions embedded in web pages to influence the agent.
- [Persistence Mechanisms] (LOW): Session data including cookies is stored in local files, which requires careful management to avoid credential exposure.
Audit Metadata