agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the
agent-browserpackage and associated Chromium binaries from Vercel Labs' official repositories and well-known package registries. - [DATA_EXFILTRATION]: Provides capabilities to retrieve and persist sensitive session data for legitimate session management. Evidence: Includes commands to export authentication cookies and local storage state to local JSON files (e.g.,
agent-browser state save auth.json). - [PROMPT_INJECTION]: Contains a surface for indirect prompt injection from processing external web data. 1. Ingestion points: Untrusted web content via
agent-browser openandsnapshotinSKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: CLI subprocess execution, file system writes for screenshots/state, and network navigation inSKILL.md. 4. Sanitization: Absent. - [COMMAND_EXECUTION]: Orchestrates browser automation tasks through the
agent-browserCLI, allowing for deterministic element selection and multi-step workflow automation.
Audit Metadata