agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it is designed to interact with and process data from untrusted web pages.\n
- Ingestion points: External content is ingested through the
snapshot,get-text,get-html, andevalcommands.\n - Boundary markers: There are no specific instructions or delimiters provided to help the agent isolate potentially malicious instructions embedded in web pages.\n
- Capability inventory: The agent has the ability to navigate arbitrary URLs, write files (screenshots and state saves), and execute JavaScript.\n
- Sanitization: No methods for sanitizing or validating external web content are described.\n- [COMMAND_EXECUTION]: The skill facilitates the execution of scripts and commands within the browser and the host sandbox.\n
- Evidence: It includes a command for arbitrary JavaScript execution (
eval) and troubleshooting instructions that involve usingsudovia SSH (sudo chown -R 1000:1000 /home/user/.npm) to manage file permissions in the sandbox environment.\n- [EXTERNAL_DOWNLOADS]: The skill references theagent-browserpackage from Vercel Labs' official GitHub repository as its core automation engine.
Audit Metadata