antithesis-agent-browser
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes
agent-browser, an open-source tool maintained by a well-known service provider (vercel-labs), and the widely-usedjqutility for data manipulation. - [SAFE]: Authentication is designed with safety in mind; the interactive login flow explicitly requires user presence and confirmation, preventing silent credential access or unexpected browser window popups.
- [SAFE]: Browser interactions and data extraction logic are localized to the
*.antithesis.comdomain and implemented via an auditable JavaScript runtime provided within the skill's assets. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests data from Antithesis reports and logs which may contain untrusted content generated by the system under test.
- Ingestion points: Methods within
assets/antithesis-agent-browser.js(such asreport.getAllProperties()andlogs.getLogViewers()) extract text content from the DOM and return it to the agent context. - Boundary markers: The skill does not implement explicit delimiters or instructions to the agent to ignore potentially malicious instructions embedded in the extracted data.
- Capability inventory: The skill has the capability to execute shell commands (
agent-browser,jq,bash) and perform file system writes (viaassets/download-logs-from-url.sh). - Sanitization: The JavaScript runtime performs basic whitespace cleaning and string truncation (limiting error details to 2000 characters), which offers minimal mitigation against adversarial content.
- [SAFE]: No evidence of credential exposure, malicious persistence, obfuscation, or unauthorized network operations was found.
Audit Metadata