agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides the
agent-browser evalcommand, which allows for JavaScript execution within the browser. This is a standard feature for automation tasks and is documented with safe usage examples. - [DATA_EXFILTRATION]: Features for saving and loading session state (
agent-browser state save/load) are included to support authenticated sessions. The documentation correctly identifies the sensitivity of these files and provides guidance on secure management. - [PROMPT_INJECTION]: The skill facilitates the ingestion of external web content, which presents a surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context via commands like
agent-browser openandsnapshotinSKILL.mdand various templates. - Boundary markers: No specific delimiters are mandated for separating retrieved web content from agent instructions.
- Capability inventory: The CLI tool allows for file access, network operations, and code execution within the browser environment.
- Sanitization: Content retrieval is direct, without pre-processing or sanitization of potential injection vectors in HTML or text.
Audit Metadata