agent-browser
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill facilitates interaction with external websites, creating a surface where the agent could potentially ingest and act upon malicious instructions embedded in third-party content.
  - Ingestion points: Target URLs provided to `agent-browser open` in scripts like `templates/capture-workflow.sh`.
  - Boundary markers: The templates do not currently implement specific boundary markers or instructions to ignore embedded commands in the processed web content.
  - Capability inventory: The skill allows for clicking elements, filling form data, uploading files, and saving browser state (cookies/storage).
  - Sanitization: No automated sanitization of DOM content or text is performed before the agent interprets the page structure.
- [Data Exposure & Exfiltration] (SAFE): The skill is designed to manage sensitive session data via `auth-state.json` files. The documentation provides explicit best practices to prevent credential exposure, including instructions to ignore these files in version control and use environment variables for passwords. No hardcoded secrets or unauthorized exfiltration patterns were identified.
Audit Metadata