agent-browser

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill operates by executing the agent-browser CLI via Bash to perform browser automation tasks.
  • [REMOTE_CODE_EXECUTION]: The eval command enables the execution of arbitrary JavaScript within the browser context, a standard feature for this tool type.
  • [DATA_EXFILTRATION]: The skill can export browser session states and authentication tokens to local files via state save and auth save. While intended for persistence, these files contain sensitive session data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when processing untrusted web content. Mitigation via the --content-boundaries flag is supported and recommended.
    • Ingestion points: snapshot, get text, and eval commands in SKILL.md and references/commands.md.
    • Boundary markers: Supported via the --content-boundaries flag which wraps output in verifiable nonces.
    • Capability inventory: Shell command execution, file system writes (state save), and arbitrary network navigation via browser control.
    • Sanitization: Provided through the optional but documented content boundaries feature to isolate page content from instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 04:37 AM