agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: Enables arbitrary JavaScript execution in the browser via the 'eval' command. This core functionality allows the agent to interact dynamically with web pages.
- [EXTERNAL_DOWNLOADS]: Utilizes the 'agent-browser' package from NPM and references 'appium' for mobile device simulation.
- [PROMPT_INJECTION]: Ingests untrusted content from web pages, creating a surface for indirect prompt injection. The skill provides 'content boundaries' via nonce-based delimiters and domain allowlisting to mitigate these risks.
- [DATA_EXFILTRATION]: Permits access to local files using the '--allow-file-access' flag. Combined with the agent's web navigation and form submission capabilities, this could be used for data exfiltration if the agent follows malicious instructions from an untrusted page.