agent-browser

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the agent-browser package from npm and the subsequent download of the Chromium browser.
      • Evidence: npm install -g agent-browser and agent-browser install commands.
  • [COMMAND_EXECUTION]: The skill operates by executing system-level commands through the agent-browser CLI to manage browser sessions and interact with web pages.
      • Evidence: Examples such as agent-browser open, agent-browser click, and agent-browser snapshot used throughout the document.
  • [DATA_EXFILTRATION]: The tool is designed to retrieve information from websites, including text, HTML, and screenshots, which are then provided to the agent.
      • Evidence: Commands like agent-browser get html and agent-browser snapshot --json used for data extraction.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from the web, which constitutes an indirect prompt injection surface.
      • Ingestion points: agent-browser snapshot and agent-browser get html in SKILL.md.
      • Boundary markers: None specified in the instructions.
      • Capability inventory: Subprocess execution of browser interactions (click, fill, open).
      • Sanitization: None identified in the provided content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 03:06 AM