Skills
skills/akillness/oh-my-skills/agent-browser/Gen Agent Trust Hub

agent-browser

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions and templates utilize a CLI tool named agent-browser to perform automation. This includes an eval command for executing JavaScript within the browser context, which is a standard feature for advanced web interactions and testing.
  • [EXTERNAL_DOWNLOADS]: The documentation mentions an agent-browser install command in the troubleshooting section, which is used to set up the necessary environment and browser binaries. These resources originate from the official repository of a well-known service.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process content from external websites, which presents a surface for indirect prompt injection. However, the skill provides explicit instructions for hardening the environment to mitigate this risk.
  • Ingestion points: External data enters the agent context via agent-browser open, snapshot -i, and get text (referenced in SKILL.md and references/commands.md).
  • Boundary markers: The skill supports AGENT_BROWSER_CONTENT_BOUNDARIES=1 to wrap page content and reduce injection risks (documented in SKILL.md).
  • Capability inventory: The skill has access to the Bash and Write tools and can execute JavaScript via the eval command (SKILL.md).
  • Sanitization: Users can implement AGENT_BROWSER_ALLOWED_DOMAINS to restrict navigation to trusted sites and AGENT_BROWSER_ACTION_POLICY to limit allowed browser operations (SKILL.md).
  • [DATA_EXFILTRATION]: The skill provides functionality to save and load browser session states (e.g., auth.json mentioned in references/authentication.md). This is a standard practice for maintaining authentication across sessions and requires proper local file permission management by the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 07:59 AM