agent-browser
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Integration templates in 'templates/ai-agent-workflow.md' and 'examples/agent-mode/integration.md' demonstrate wrapping CLI commands using 'subprocess.run(shell=True)' in Python and 'exec()' in Node.js, which requires careful input handling to prevent injection.
- [COMMAND_EXECUTION]: The 'eval' command documented in 'api/commands.md' enables execution of JavaScript within the browser context for automation tasks.
- [EXTERNAL_DOWNLOADS]: Installation instructions in 'examples/getting-started/installation.md' involve downloading the tool and browser binaries from Vercel Labs' repositories.
- [EXTERNAL_DOWNLOADS]: Examples in 'examples/advanced/usage-with-agents.md' suggest fetching supplemental skill files from the official Vercel Labs GitHub repository.
- [COMMAND_EXECUTION]: The Linux installation guide in 'examples/getting-started/installation.md' includes 'sudo apt-get' commands for installing system-level dependencies.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface through the following:
  - Ingestion points: Web content retrieved via the 'open' command.
  - Boundary markers: Use of element refs (@e1) and structured JSON output to isolate page data.
  - Capability inventory: Support for element interaction and arbitrary script execution via 'eval'.
  - Sanitization: Content validation is left to the implementer's agent logic.
Audit Metadata