agent-browser
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the agent-browser package from the NPM registry and download Chromium binaries through the agent-browser install command.
- [COMMAND_EXECUTION]: The skill facilitates the execution of Bash commands to control a web browser, including actions like opening URLs, clicking buttons, filling forms, and generating snapshots.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it ingests and processes content from external websites.
- Ingestion points: The agent reads untrusted data from the web using the agent-browser snapshot and agent-browser get commands.
- Boundary markers: The skill does not implement delimiters or provide instructions to the agent to treat retrieved web content as untrusted data.
- Capability inventory: The agent has high-privilege interaction capabilities, including the ability to perform clicks, fill form fields, and navigate to arbitrary URLs.
- Sanitization: No sanitization, validation, or filtering of the retrieved web content is performed before it is added to the agent's context.
Audit Metadata