AGENT LAB: SKILLS

agent-browser

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Remote Code Execution] (CRITICAL): The SKILL.md file instructs users to run 'curl -fsSL https://cli.inference.sh | sh' for installation. This is a confirmed detection of unverified remote code execution from an untrusted domain piped directly to the shell.
  • [Command Execution] (MEDIUM): The 'execute' function documented in references/commands.md enables arbitrary JavaScript execution on web pages. This provides a powerful capability that could be misused if the agent is manipulated while browsing.
  • [Indirect Prompt Injection] (LOW): The skill handles untrusted web data and is vulnerable to indirect prompt injection. Evidence Chain:
    1. Ingestion points: 'open' and 'snapshot' functions in SKILL.md
    2. Boundary markers: Absent
    3. Capability inventory: 'execute', 'interact', and 'screenshot' functions in references/commands.md
    4. Sanitization: Absent
Recommendations
  • HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 18, 2026, 01:35 AM