antithesis-agent-browser

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill utilizes agent-browser, an open-source tool maintained by a well-known service provider (vercel-labs), and the widely-used jq utility for data manipulation.
  • [SAFE]: Authentication is designed with safety in mind; the interactive login flow explicitly requires user presence and confirmation, preventing silent credential access or unexpected browser window popups.
  • [SAFE]: Browser interactions and data extraction logic are localized to the *.antithesis.com domain and implemented via an auditable JavaScript runtime provided within the skill's assets.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests data from Antithesis reports and logs which may contain untrusted content generated by the system under test.
  • Ingestion points: Methods within assets/antithesis-agent-browser.js (such as report.getAllProperties() and logs.getLogViewers()) extract text content from the DOM and return it to the agent context.
  • Boundary markers: The skill does not implement explicit delimiters or instructions to the agent to ignore potentially malicious instructions embedded in the extracted data.
  • Capability inventory: The skill has the capability to execute shell commands (agent-browser, jq, bash) and perform file system writes (via assets/download-logs-from-url.sh).
  • Sanitization: The JavaScript runtime performs basic whitespace cleaning and string truncation (limiting error details to 2000 characters), which offers minimal mitigation against adversarial content.
  • [SAFE]: No evidence of credential exposure, malicious persistence, obfuscation, or unauthorized network operations was found.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 11:01 PM
Security Audit — agent-trust-hub — antithesis-agent-browser