Skills
skills/yigitkonur/skills-by-yigitkonur/run-agent-browser/Gen Agent Trust Hub

run-agent-browser

Warn

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the agent-browser package globally from a public registry (e.g., npm install -g agent-browser) and to download the Chromium browser binary using the agent-browser install command.
  • [COMMAND_EXECUTION]: The skill operates by executing shell commands via the Bash tool. It utilizes agent-browser eval to execute arbitrary JavaScript within the browser context, which facilitates dynamic code execution at runtime.
  • [DATA_EXFILTRATION]: The skill includes capabilities to access and persist sensitive browser data, such as cookies, local storage, and authentication states via the state save, cookies, and storage local commands. It also supports accessing local system files using the --allow-file-access flag.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection (Category 8) as it processes untrusted content from web pages while maintaining access to powerful tools like shell execution and file system writes.
  • Ingestion points: Web page content (HTML, text, and metadata) retrieved through snapshot, get text, and eval commands.
  • Boundary markers: Mentions the AGENT_BROWSER_CONTENT_BOUNDARIES environment variable to wrap agent output for safety.
  • Capability inventory: Shell command execution (Bash), network operations, and file writing (screenshot, pdf, download).
  • Sanitization: Recommends the use of heredocs for eval to mitigate shell injection risks, though it doesn't provide comprehensive sanitization of untrusted web data.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 4, 2026, 07:31 AM