agent-browser
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Instructions are provided for installing the
agent-browserpackage and downloading browser binaries via standard npm and CLI commands. It also references fetching configuration from Vercel Labs' official GitHub repository. - [COMMAND_EXECUTION]: Documentation includes administrative commands for installing system dependencies using
apt-getanddnf, which are necessary for the tool's underlying browser engine. - [REMOTE_CODE_EXECUTION]: The skill documents the
evalcommand, which allows for the execution of custom JavaScript within the browser context to perform data extraction and page interaction. - [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection as it facilitates the ingestion and processing of third-party web content.
- Ingestion points: Page text, attributes, and accessibility trees fetched from external URLs via
snapshotandgetcommands. - Boundary markers: Encourages structured data handling via JSON output.
- Capability inventory: Broad interaction capabilities including navigation, element interaction, and browser-side script execution.
- Sanitization: The skill documentation does not provide specific sanitization patterns, leaving validation to the logic of the integrating AI agent.
Audit Metadata