agent-browser
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill creates a vulnerability surface for indirect prompt injection as it processes and acts upon untrusted data from external websites.
  - Ingestion points: `templates/capture-workflow.sh` and `templates/form-automation.sh` use `agent-browser` to ingest web content (text, titles, and DOM structure) into the agent's context.
  - Boundary markers: Absent; the ingested content is not wrapped in delimiters or accompanied by instructions for the agent to ignore embedded commands.
  - Capability inventory: The skill leverages the `agent-browser` tool to perform actions such as navigation, form interaction, and writing local files (PDFs, screenshots, and session state files).
  - Sanitization: No sanitization or validation of the ingested web content is performed before it is processed.
- SAFE (SAFE): Credential management practices are secure. The templates utilize environment variables (e.g., `APP_USERNAME`), and the documentation (e.g., `references/authentication.md`) explicitly warns against committing session state files to version control.
Audit Metadata