agent-browser
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill installs the
agent-browserpackage via NPM and downloads the Chromium browser. Since the developer (Vercel) is a trusted organization, these downloads are considered safe per the [TRUST-SCOPE-RULE]. - [COMMAND_EXECUTION] (SAFE): The skill executes the
agent-browserCLI via Bash to perform web interactions. All commands are standard for the tool's purpose, with no evidence of malicious command concatenation or shell injection patterns. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection as it ingests and processes untrusted web content.
- Ingestion points: Web content is ingested through
agent-browser snapshotandagent-browser get textcommands inSKILL.md. - Boundary markers: Absent. There are no explicit instructions or delimiters provided to help the agent distinguish between tool output and malicious instructions embedded in web pages.
- Capability inventory: The skill can perform file-system writes (
screenshot,pdf), web interactions (click,fill,select), and navigation (open). - Sanitization: No sanitization or content filtering is implemented for the data retrieved from external URLs.
Audit Metadata