agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the agent-browser CLI and Chromium browser binaries from Vercel Labs' official repositories and the NPM registry.
- [DATA_EXFILTRATION]: The skill provides capabilities for the agent to access local files via file:// URLs and manage sensitive browser state such as cookies, localStorage, and authentication headers. These are functional features of a browser automation tool.
- [PROMPT_INJECTION]: The skill processes untrusted content from the web, which creates a surface for indirect prompt injection. (1) Ingestion points: Web content retrieved via navigation and snapshot commands. (2) Boundary markers: No specific markers for content isolation are documented. (3) Capability inventory: Capabilities include JavaScript evaluation (eval), local file access, and data downloads. (4) Sanitization: The documentation does not specify sanitization of ingested web data.
Audit Metadata