agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the "agent-browser" package from the NPM registry and executes an internal command to download a Chromium browser instance. These resources are provided by Vercel, which is a trusted organization.
- [COMMAND_EXECUTION]: The skill is centered around executing Bash commands for the "agent-browser" CLI to perform actions like opening URLs, clicking elements, and typing text.
- [PROMPT_INJECTION]: The skill provides an interface for reading and interacting with untrusted web content, which creates a significant surface for indirect prompt injection. * Ingestion points: "agent-browser snapshot", "agent-browser get text", and "agent-browser get html". * Boundary markers: No delimiters or protective instructions are defined to separate untrusted web content from the agent's instructions. * Capability inventory: The skill has extensive control over the browser session, including the ability to navigate, click, fill forms, and take screenshots. * Sanitization: There is no evidence of filtering or sanitization of the scraped web data before it is presented to the agent.
Audit Metadata