agent-browser

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the infsh CLI tool to interact with the inference.sh platform for browser automation. This is a legitimate use of a vendor-provided tool for executing automation tasks via the inference.sh ecosystem.
  • [REMOTE_CODE_EXECUTION]: The execute function allows for arbitrary JavaScript execution in the browser context of the loaded web page. This is a standard capability for web automation tools but provides a powerful primitive for dynamic code execution.
  • [PROMPT_INJECTION]: The skill features an indirect prompt injection surface due to its interaction with untrusted web content.
    • Ingestion points: Content is brought into the agent context through the open, snapshot, and execute functions defined in SKILL.md.
    • Boundary markers: No explicit boundary markers or isolation instructions are present to separate web content from system prompts.
    • Capability inventory: Capabilities include navigation, form interaction, and JavaScript execution as described in references/commands.md.
    • Sanitization: Page content is not sanitized or filtered by the skill prior to being processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 17, 2026, 07:52 PM