agent-browser
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The SKILL.md file contains a quick start command 'curl -fsSL https://cli.inference.sh | sh' that downloads and executes a remote shell script. This pattern is flagged as an untrusted remote code execution risk by automated security scanners.
- [COMMAND_EXECUTION]: The skill provides functions to interact with a browser and execute arbitrary JavaScript code via the 'execute' function in references/commands.md. It also permits the agent to run 'infsh' commands using the Bash tool as defined in the skill metadata.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection when processing content from external websites. Ingestion points include the 'open', 'snapshot', and 'interact' functions which return page elements and text from external URLs; no boundary markers or instructions to ignore embedded commands are implemented; capability inventory includes browser actions like click and fill; no sanitization of retrieved content is performed.
- [DATA_EXFILTRATION]: The 'execute' function provides a mechanism to access sensitive browser data, such as cookies (documented in references/authentication.md), which could lead to the exposure of credentials and session data to the agent context.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats