agent-browser
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill creates and manages session state files (e.g., auth-state.json) which contain sensitive authentication cookies and tokens. Evidence found in templates/authenticated-session.sh and references/authentication.md. Risk: Exposure of these files on the local filesystem could allow session hijacking.
- [DATA_EXFILTRATION] (MEDIUM): Documentation suggests using --ignore-https-errors to bypass SSL/TLS certificate validation in certain scenarios. Evidence found in references/proxy-support.md. Risk: Disabling certificate validation exposes the automation process to Man-in-the-Middle (MitM) attacks.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted content from the web, creating a surface for indirect prompt injection.
  1. Ingestion points: Web content via agent-browser open and snapshot in templates/capture-workflow.sh.
  2. Boundary markers: Absent.
  3. Capability inventory: Browser interaction (click, fill) and writing files.
  4. Sanitization: Absent.
- [COMMAND_EXECUTION] (LOW): Scripts execute shell commands via the agent-browser utility based on user-provided URLs. Evidence in all .sh templates.