Skills
skills/browserbase/stagehand/browse/Gen Agent Trust Hub

browse

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the browse CLI tool from the official NPM registry and supports the installation of site-specific automation logic from the Browse.sh catalog.
  • [COMMAND_EXECUTION]: The skill utilizes the browse CLI via Bash to execute browser automation tasks and manage cloud resources. This includes the browse eval command, which allows running JavaScript within the browser context to facilitate complex automation.
  • [PROMPT_INJECTION]: The tool retrieves data from external websites (via snapshots, fetching, and searching), creating a potential surface for indirect prompt injection where the agent might process malicious instructions embedded in web content.
  • Ingestion points: browse snapshot, browse get text, browse cloud fetch, and browse cloud search (SKILL.md).
  • Boundary markers: Absent; the skill does not define specific delimiters or instructions to ignore commands within ingested web data.
  • Capability inventory: Arbitrary JavaScript execution (browse eval), browser interaction (clicks, typing, uploads), and cloud project management (SKILL.md).
  • Sanitization: Absent; the skill processes raw page content and returns it to the agent without specific filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 09:28 AM
Security Audit — agent-trust-hub — browse