agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `agent-browser` CLI to perform various browser actions such as navigating URLs, clicking elements, and filling forms.
- [DATA_EXFILTRATION]: The skill can extract data from web pages using snapshots, text retrieval, and screenshots. This data is returned to the agent context or saved to local files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its processing of untrusted web content.
  - Ingestion points: Untrusted data enters the agent context via `agent-browser snapshot` and `agent-browser get` commands.
  - Boundary markers: The skill documentation does not mention the use of delimiters or instructions to ignore embedded commands within the ingested web data.
  - Capability inventory: The skill provides significant interaction capabilities, including navigating, clicking, and filling inputs, which could be abused by malicious instructions in a web page.
  - Sanitization: No sanitization or validation of the retrieved web content is indicated.
- [CREDENTIALS_UNSAFE]: The skill includes commands to save and load browser session state (e.g., `agent-browser state save auth.json`), which stores sensitive cookies and authentication information in local files.
Audit Metadata