test-browser

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the agent-browser package globally via NPM and uses it to download Chromium binaries (~160MB). The instructions attribute this tool to Vercel, a well-known service provider.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands for environment verification, Git repository inspection (git diff, gh pr view), and browser automation via the agent-browser CLI. These operations are within the expected scope of a QA testing tool.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It captures interactive snapshots of web pages and interprets their content to identify elements and verify application state. Maliciously crafted content on these pages could attempt to influence the agent's behavior.
      • Ingestion points: Interactive snapshots of web pages captured using agent-browser snapshot -i in SKILL.md (Steps 4 and 5).
      • Boundary markers: Absent. The skill does not provide instructions to the agent to treat page content as untrusted or to ignore embedded instructions.
      • Capability inventory: The skill has the capability to execute arbitrary shell commands (e.g., npm install, git), take screenshots, and interact with the local file system and network via the browser.
      • Sanitization: None. Raw page snapshots are processed directly to find interactive elements.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 01:21 AM