agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various bash commands using the agent-browser CLI to control web browser behavior.
- [EXTERNAL_DOWNLOADS]: The skill requires installing a global NPM package and subsequently downloading a Chromium binary via the agent-browser install command.
- [DATA_EXFILTRATION]: Provides the ability to read sensitive browser artifacts including cookies, localStorage, and sessionStorage, as well as capturing screenshots and PDFs of web content.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing external web data. Ingestion points: Untrusted data enters the agent context through accessibility tree snapshots and text/HTML retrieval from web pages. Boundary markers: The instructions do not define delimiters or specific warnings for the agent to ignore instructions embedded in the snapshots. Capability inventory: The skill allows the agent to execute arbitrary JavaScript (eval), manipulate headers/cookies, and perform network request routing. Sanitization: No sanitization or validation of the retrieved web content is performed before presenting it to the agent.
Audit Metadata