agent-browser

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions utilize npx and uvx to download and execute the agent-browser package from the official npm registry. This package originates from Vercel Labs, which is a trusted organization.
  • [COMMAND_EXECUTION]: The skill invokes various CLI commands through the agent-browser tool to automate browser sessions, including navigation and element interaction.
  • [REMOTE_CODE_EXECUTION]: The eval command allows for the execution of arbitrary JavaScript within the browser context. While this is a standard feature for automation tools, it represents a powerful capability that executes agent-provided logic on a webpage.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from the web.
      • Ingestion points: Data enters the agent context via open <url>, snapshot, and get content commands as described in SKILL.md and api/commands.md.
      • Boundary markers: Absent; the skill lacks specific delimiters or instructions to treat web-fetched content as untrusted data.
      • Capability inventory: The skill provides significant capabilities to interact with the target site, including click, fill, press, and eval in SKILL.md and api/commands.md.
      • Sanitization: Absent; there is no mention of sanitizing or filtering the content retrieved from web pages before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 07:18 PM