agent-browser
Warn
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires running 'agent-browser skills get' to fetch command syntax and workflows from a remote vendor source at runtime, which dynamically defines the agent's interaction logic.
- [REMOTE_CODE_EXECUTION]: The 'agent-browser eval' command permits the execution of arbitrary JavaScript within the browser context, which could be exploited to manipulate pages or access data.
- [COMMAND_EXECUTION]: The skill relies on shell commands for browser automation and includes features for connecting to browser instances via remote debugging ports. It also encourages Base64 encoding for the 'eval' command, which can mask the intent of executed scripts.
- [DATA_EXFILTRATION]: Session tokens, cookies, and authentication states are stored in plaintext JSON files (e.g., auth-state.json), posing a risk if these files are accessed by unauthorized processes.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted web data via snapshots and text extraction. It lacks boundary markers to separate data from instructions. Its capability inventory includes arbitrary JavaScript execution and browser interaction, and there is no evidence of sanitization of the scraped content.