agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of the 'agent-browser' package via the Node Package Manager (NPM) and uses the tool to download the Chromium browser engine. These resources originate from a well-known and trusted organization.
- [COMMAND_EXECUTION]: The skill operates by executing Bash commands to interface with the browser CLI, facilitating actions such as navigation, form interaction, and element selection.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external websites.
  - Ingestion points: Content enters the agent context through the 'agent-browser open' and 'agent-browser snapshot' commands used to retrieve page structures and text.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore or isolate potentially malicious instructions embedded within the accessibility tree or page HTML.
  - Capability inventory: The skill allows for significant control over the browser, including clicking elements, filling forms, and saving screenshots or PDFs to the local file system.
  - Sanitization: The skill does not implement specific sanitization or validation logic to filter out potentially hazardous instructions from the web content before it is parsed by the agent.
Audit Metadata