Agent Browser
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill provides direct commands (
agent-browser cookies,agent-browser storage local) to extract sensitive session data from the browser context. - [DATA_EXFILTRATION]: Documentation references the Chrome user data directory (
/home/willr/.config/google-chrome/Default), which is a sensitive path containing user profiles, cookies, and potentially saved credentials. - [COMMAND_EXECUTION]: The
agent-browser eval <js>command allows for the execution of arbitrary JavaScript within the browser environment, posing a risk if untrusted logic is processed. - [EXTERNAL_DOWNLOADS]: The skill fetches the automation tool from Vercel Labs' official GitHub repository and the npm registry.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests untrusted data from the web (via
snapshot,get text, andget htmlcommands inSKILL.md) without explicit boundary markers or sanitization. This data could contain instructions that influence the agent's actions using its browser control capabilities (click,fill,eval).
Audit Metadata