browser
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides an
evalcommand to execute arbitrary JavaScript within the browser context. This is intended for complex web scraping and interaction tasks that cannot be performed through standard UI commands. - [DATA_EXFILTRATION]: The tool can access local files via the
file://protocol when the--allow-file-accessflag is explicitly used. It also facilitates the management of sensitive session data, such as cookies and authentication headers, which the documentation advises managing securely via environment variables and encrypted storage. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of external packages, including
agent-browserandappium, from the official npm registry to function. - [PROMPT_INJECTION]: As a browser automation tool, it is naturally exposed to indirect prompt injection from processed web content. This is an inherent risk of the tool's primary function. Findings include ingestion of untrusted data through commands like
open,snapshot, andget text, without explicit boundary markers in the prompt examples.
Audit Metadata