agent-browser
Warn
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'agent-browser' npm package ('npm install -g agent-browser') and the downloading of Chromium binaries. These are external dependencies not pinned to a specific version.
- [COMMAND_EXECUTION]: The skill makes extensive use of the 'Bash' tool and explicitly includes an 'eval' command to execute arbitrary JavaScript within the browser context. This capability can be used to manipulate web pages or exfiltrate data from the browser environment.
- [DATA_EXFILTRATION]: The skill provides commands such as 'agent-browser cookies get' and 'agent-browser storage local get' which allow the agent to read sensitive session information and persistent storage data from the browser.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted data from external websites (via 'snapshot' and 'get' commands) and uses this data to drive subsequent logic. The instructions provide no sanitization or boundary markers to differentiate between the user's original intent and potentially malicious instructions embedded in a target website's content.
Audit Metadata