agent-browser-core
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's documentation guides the installation of the 'agent-browser' CLI and its associated browser runtimes. These resources are part of the vendor's provided infrastructure for web automation.
- [COMMAND_EXECUTION]: The skill enables interaction with a browser automation engine capable of performing actions like clicking, typing, and executing scripts. The instructions emphasize safety by categorizing commands into safe and sensitive groups and recommending strict operational guardrails.
- [DATA_EXFILTRATION]: The skill acknowledges the handling of sensitive data such as cookies and session states. It provides clear instructions on treating these files as secrets and suggests using ephemeral sessions to prevent long-term data exposure.
- [PROMPT_INJECTION]: As a browser automation skill, it inherently processes untrusted data from web pages which could contain malicious instructions.
  - Ingestion points: The skill processes external web content through the 'open' and 'snapshot' commands (documented in 'references/agent-browser-workflows.md').
  - Boundary markers: The skill includes 'Safe mode defaults' in 'SKILL.md' and a 'Safety checklist' in 'references/agent-browser-safety.md'.
  - Capability inventory: The tool provides high-privilege capabilities including 'click', 'fill', 'eval', and 'network route' as seen in 'references/agent-browser-command-map.md'.
  - Sanitization: The documentation recommends domain allowlisting and human approval for high-risk operations to mitigate risks from untrusted content.
Audit Metadata