agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill functions by executing commands through the
agent-browserCLI to automate browser tasks such as navigation, snapshots, and element interaction. - [DATA_EXFILTRATION]: The skill includes functionality to save and load browser session states (e.g.,
state save auth.json), which can involve the storage of sensitive information such as authentication cookies and session tokens. It also extracts page content and captures screenshots. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it ingests untrusted data from the web.
- Ingestion points: Navigation snapshots, element text extraction, input values, and browser console/error logs (SKILL.md).
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the interaction patterns.
- Capability inventory: High interaction surface including navigation, form filling, clicking, and persistent state management (SKILL.md).
- Sanitization: No evidence of content sanitization or validation of extracted web data before it is processed by the agent.
Audit Metadata