agent-browser
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill installs the 'agent-browser' package globally via npm and triggers the download of Chromium binaries using 'agent-browser install'. This is downgraded from MEDIUM to LOW per [TRUST-SCOPE-RULE] as 'vercel-labs' is a trusted GitHub organization.- REMOTE_CODE_EXECUTION (LOW): The 'eval' command allows the execution of arbitrary JavaScript within the browser context. This is a high-risk capability (MEDIUM) but is downgraded to LOW as it is a fundamental requirement for the skill's primary purpose of web automation.- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) as it ingests untrusted data from external websites. Mandatory Evidence Chain: 1. Ingestion points: Data entering through 'agent-browser open' and 'snapshot'. 2. Boundary markers: Absent; instructions do not specify delimiters for page content. 3. Capability inventory: Includes 'click', 'fill', 'state save', and 'eval'. 4. Sanitization: Absent.
- COMMAND_EXECUTION (LOW): The skill requires 'Bash' tool access to execute CLI commands for browser control.
Audit Metadata