agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and run the agent-browser package from the vercel-labs repository. Vercel Labs is a recognized trusted organization and well-known service, making this dependency safe.\n- [COMMAND_EXECUTION]: Browser control is achieved through standard Bash commands using the npx agent-browser CLI. This includes page navigation, element interaction, and executing JavaScript within the browser's context.\n- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it reads and processes untrusted content from external websites. Evidence chain: 1. Ingestion points: npx agent-browser open and snapshot commands in SKILL.md. 2. Boundary markers: No delimiters or ignore instructions are used in the provided examples. 3. Capability inventory: Commands such as click, fill, and eval are available for the agent to execute. 4. Sanitization: No explicit sanitization or filtering of the retrieved web data is performed. This is an inherent characteristic of browser automation tools.
Audit Metadata