Skills
skills/browserbase/skills/browser/Gen Agent Trust Hub

browser

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @browserbasehq/browse-cli package via npm. This is a vendor-provided tool from Browserbase and is used for its intended purpose of browser automation.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute browse CLI commands. These commands control browser lifecycle, navigation, and page interaction.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and interpret data from external websites.
  • Ingestion points: Web content is brought into the agent's context through commands like browse snapshot, browse get text, and browse get html as detailed in SKILL.md and REFERENCE.md.
  • Boundary markers: The instructions do not provide specific delimiters or ignore-behavior markers for the agent to use when processing output from the browser, increasing the risk of the agent obeying instructions found on a web page.
  • Capability inventory: The agent has access to the Bash tool, enabling it to execute shell commands, perform network operations, and access the filesystem based on instructions it might encounter.
  • Sanitization: No sanitization or validation logic is specified for the data retrieved from the browser before it is processed by the AI.
  • [COMMAND_EXECUTION]: The browse eval command allows the execution of JavaScript within the browser's page context. This is a standard automation feature but represents a vector for executing code derived from or interacting with untrusted web content.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 04:27 AM