agent-browser-2
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the agent-browser package via npm and the download of Chromium binaries. Both are sourced from Vercel Labs, a well-known technology provider.
- [COMMAND_EXECUTION]: The skill uses the agent-browser CLI for various browser operations. It includes a setup command for system dependencies on Linux, which may involve administrative privileges.
- [PROMPT_INJECTION]: The skill processes content from external websites, creating a potential vector for indirect prompt injection. ● Ingestion points: External data is ingested through the snapshot and get text commands. ● Boundary markers: No delimiters or instructions to ignore instructions within web content are provided. ● Capability inventory: The skill has high capabilities, including the ability to click elements, fill forms, and manipulate cookies or local storage. ● Sanitization: There is no evidence of sanitization or validation of the ingested web content before it is processed by the agent.
Audit Metadata