agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it is designed to browse and extract data from external websites.\n
- Ingestion points: Web content retrieved via 'agent-browser open', 'snapshot', and 'get text' commands.\n
- Boundary markers: None identified; there are no specific delimiters to separate untrusted web content from agent instructions.\n
- Capability inventory: High-impact actions including browser navigation, form interaction (clicking, typing), and file system operations (saving screenshots and session state to 'auth.json').\n
- Sanitization: No sanitization or filtering of DOM content is mentioned in the skill definition.\n- [EXTERNAL_DOWNLOADS]: The skill relies on external software and binaries for its core functionality.\n
- Installs the 'agent-browser' package from npm globally.\n
- Downloads the Chromium browser binary via the 'agent-browser install' command.\n- [COMMAND_EXECUTION]: The skill operates by executing shell commands using the 'agent-browser' CLI tool to perform browser automation tasks.
Audit Metadata