agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill implements an
executefunction that allows for arbitrary JavaScript execution within the browser context. This is a primary feature designed for DOM manipulation and data extraction. Evidence found in SKILL.md and references/commands.md. - [DATA_EXFILTRATION]: The tool can access and extract sensitive browser data, including cookies, local storage, and page content. The documentation (references/authentication.md) identifies these as risks and provides remediation guidance, such as using environment variables and avoiding the logging of passwords.
- [PROMPT_INJECTION]: The skill inherently exposes an indirect prompt injection surface by ingesting content from arbitrary websites.
- Ingestion points: Content is retrieved from external URLs via the
snapshotandexecutefunctions (SKILL.md). - Boundary markers: No explicit delimiters or instructions are provided to the agent to isolate external web content.
- Capability inventory: The skill can interact with elements, execute JavaScript, navigate the browser, and upload local files.
- Sanitization: No content sanitization or filtering is performed on the data retrieved from web pages before it is returned to the agent context.
Audit Metadata