agent-browser
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes browser automation tasks through the "infsh" command-line tool. This includes a function to run arbitrary JavaScript within the browser context for tasks such as extracting cookies or manipulating the DOM.- [DATA_EXFILTRATION]: The skill is capable of navigating to any external URL and extracting sensitive session data, including cookies, text content, screenshots, and video recordings. It also supports file uploads, which could be used to send local files to remote servers if directed by an agent.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted content from the open web. Maliciously crafted web pages could contain instructions designed to manipulate the agent's behavior.
- Ingestion points: Page titles, element text, and body content retrieved from external websites via "open" and "snapshot" functions in "SKILL.md".
- Boundary markers: None. Raw text from the web is passed to the agent without delimiters or instructions to ignore potential commands embedded in the content.
- Capability inventory: The skill allows shell command execution, JavaScript execution, and file uploads.
- Sanitization: There is no identified sanitization or filtering of DOM content before it is presented to the agent.
Audit Metadata