skills/teachingai/full-stack-skills/agent-browser/Snyk

agent-browser

Warn

Audited by Snyk on Apr 5, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill's core workflow instructs the agent to navigate to arbitrary URLs and ingest page state (e.g., "agent-browser open " and "agent-browser snapshot --json" in examples like examples/agent-mode/introduction.md and templates/ai-agent-workflow.md), which means untrusted public web content can be fetched and parsed to drive subsequent agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill includes an explicit runtime curl command to download a remote skill file that would be injected into an agent's skills directory—https://raw.githubusercontent.com/vercel-labs/agent-browser/main/skills/agent-browser/SKILL.md—which directly delivers instructions that can control agent prompts at runtime.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 5, 2026, 12:02 PM

Issues

2