agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the global installation of the
agent-browserpackage from NPM and the subsequent download of the Chromium browser via theagent-browser installcommand. These are functional requirements for the CLI tool. - [COMMAND_EXECUTION]: The skill relies on executing bash commands (e.g.,
agent-browser open,agent-browser click) to drive browser automation. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing external web content.
- Ingestion points: Untrusted data enters the agent context through the
agent-browser snapshot,get text, andget htmlcommands described inSKILL.md. - Boundary markers: The instructions do not define clear delimiters or provide the agent with specific warnings to ignore instructions found within the scraped web content.
- Capability inventory: The skill provides extensive capabilities to interact with the system and web, including form filling, element interaction, and navigation.
- Sanitization: There is no mechanism described for sanitizing or filtering retrieved HTML or text content before the agent processes it.
Audit Metadata