agent-browser
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires installing the `agent-browser` package globally from npm. Since the author and organization are not in the trusted list, this introduces unverified code into the environment.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Executing `agent-browser install` triggers the download of Chromium binaries. This constitutes remote code execution from an unverified source.
- [COMMAND_EXECUTION] (MEDIUM): The use of `--with-deps` during installation modifies OS-level packages. This typically requires elevated privileges and can lead to unauthorized system changes.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it ingests untrusted data from URLs.
  1. Ingestion points: `agent-browser open` and `snapshot` operations in `SKILL.md`.
  2. Boundary markers: Absent in instructions.
  3. Capability inventory: Full browser control including element interaction (`click`, `fill`) and data extraction (`snapshot`, `screenshot`).
  4. Sanitization: No evidence of input validation or escaping for web content is present in the instructions.
Audit Metadata