agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
agent-browserpackage from Vercel Labs via npm and subsequent execution ofagent-browser installto download the Chromium browser. These are standard operations for this tool. - [COMMAND_EXECUTION]: The skill's primary functionality is delivered through extensive execution of the
agent-browserCLI tool for navigation, element interaction, and state management. - [DATA_EXFILTRATION]: The skill includes commands to export browser session data, including cookies and local storage, to local files (e.g.,
agent-browser state save auth.json). While intended for session persistence, these files contain sensitive credentials that could be exposed if stored insecurely. - [PROMPT_INJECTION]: As the skill ingests and snapshots untrusted HTML content from the internet, it is susceptible to indirect prompt injection. Attackers could embed malicious instructions in web pages that the agent might follow when processing snapshots. The skill lacks explicit boundary markers or sanitization logic to mitigate this risk.
Audit Metadata