agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing shell commands through the
agent-browserCLI to control browser sessions and perform actions like clicking or filling forms. - [EXTERNAL_DOWNLOADS]: The setup process requires installing the
agent-browserpackage from the NPM registry and downloading a Chromium binary using theagent-browser installcommand. - [PROMPT_INJECTION]: The skill presents a significant surface for indirect prompt injection because it ingests and processes untrusted data from the internet.
- Ingestion points: Untrusted website data is ingested via
snapshot,get text,get html, andscrape pagecommands. - Boundary markers: Absent; the skill does not provide the agent with instructions or delimiters to distinguish between web content and system commands.
- Capability inventory: The agent can navigate the network, submit forms, click elements, and save files (screenshots/PDFs) to the local filesystem.
- Sanitization: No evidence of sanitization or filtering of web content before it is presented to the agent.
Audit Metadata