agent-browser
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to interact with the environment by executing the `agent-browser` command-line utility. This includes complex operations like browser navigation, element interaction, and state management via subprocess calls.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes content from external, untrusted websites.
  - Ingestion points: Untrusted data enters the agent context through the `agent-browser snapshot` and `agent-browser get` commands in `SKILL.md`.
  - Boundary markers: Absent. The instructions do not provide delimiters or specific guidelines for the agent to distinguish between its primary instructions and the data fetched from web pages.
  - Capability inventory: The agent has the ability to write files (`screenshot`, `state save`), perform network operations (browser navigation), and execute commands (`agent-browser` CLI) as documented in `SKILL.md`.
  - Sanitization: Absent. There is no evidence of validation or filtering for the external content retrieved by the browser tool before it is processed by the agent.
Audit Metadata