agent-browser
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates interaction with untrusted external data by navigating to and snapshotting web pages via the
openandsnapshotfunctions. This establishes a surface for indirect prompt injection where malicious instructions embedded in third-party website content could attempt to influence the agent. - Ingestion points: External web content processed in SKILL.md and through the use of interaction templates.
- Boundary markers: There are no explicit instructions or markers provided to the agent to treat web content as isolated or potentially untrusted data.
- Capability inventory: The skill possesses extensive capabilities including web navigation, element interaction, screenshot capture, and JavaScript execution using the
infshCLI. - Sanitization: No explicit sanitization or filtering of external DOM content is mentioned or implemented in the provided templates.
- [COMMAND_EXECUTION]: The skill is designed to run the
infshcommand-line tool via Bash to manage browser sessions and perform automation. This execution is confined to the specific functions provided by the inference.sh platform. - [EXTERNAL_DOWNLOADS]: Documentation within the skill references setup and installation scripts hosted on the vendor's official GitHub repository at
raw.githubusercontent.com/inference-sh/skills. These references are provided for user configuration and setup purposes.
Audit Metadata