agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation guides the installation of the 'agent-browser' package via npm, which is an official utility from Vercel Labs, a trusted organization.
- [COMMAND_EXECUTION]: The skill uses the 'agent-browser' CLI to perform legitimate browser automation tasks, including navigation, element interaction, and session management.
- [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection because it ingests data from external websites.
- Ingestion points: Web data enters the agent context through 'snapshot' and 'get' commands as seen in SKILL.md.
- Boundary markers: There are no explicit markers or instructions to isolate the data retrieved from the web from the agent's internal logic.
- Capability inventory: The skill allows the agent to interact with forms, navigate to any URL, and manage authentication states (SKILL.md).
- Sanitization: The skill does not mention any sanitization or filtering of the information retrieved from web pages before processing it.
Audit Metadata