agent-browser-5
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the agent-browser utility from the NPM registry and references the official vercel-labs repository for source installation.
- [COMMAND_EXECUTION]: Provides extensive browser control via the agent-browser CLI, including the eval command for executing JavaScript within the browser context and various navigation/interaction commands.
- [PROMPT_INJECTION]: Presents an indirect prompt injection surface when processing external web pages. Ingestion points: Data enters the agent context through snapshot, get text, get html, and eval commands. Boundary markers: No delimiters or warnings are used to distinguish web content from instructions. Capability inventory: Includes file system writes (screenshots, PDFs, state files), network requests (navigation), and browser-side script execution (eval). Sanitization: No sanitization or filtering of web content is performed before it is presented to the agent.
- [CREDENTIALS_UNSAFE]: Includes features for managing and saving session states, cookies, and HTTP basic authentication credentials to local JSON files.
Audit Metadata