dev-browser
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by allowing the agent to browse and interact with arbitrary, untrusted web content.
  - Ingestion points: Web pages and dynamic content processed by the `agent-browser` tool (identified in SKILL.md).
  - Boundary markers: The skill does not provide instructions or delimiters to help the agent distinguish between its system instructions and commands potentially embedded in web page content.
  - Capability inventory: The agent can navigate, click, type, and take screenshots using `agent-browser`. These actions could be maliciously triggered by content on a visited site.
  - Sanitization: No sanitization or filtering of the fetched web content is described.
- [COMMAND_EXECUTION]: The skill relies on the execution of the `agent-browser` command-line utility. While this is the core functionality, any command-line interaction with an external tool carries a baseline risk of misuse if parameters are not strictly controlled.
Audit Metadata