agent-browser

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the belt (and infsh) CLI tools to perform browser actions. This command execution is explicitly constrained by the allowed-tools configuration in the skill's frontmatter.
  • [EXTERNAL_DOWNLOADS]: The skill documentation refers to the installation of external tools including the belt-sh/cli Node.js package and the oathtool utility for generating TOTP codes. These are legitimate dependencies for the skill's browsing and authentication capabilities.
  • [PROMPT_INJECTION]: As a web-browsing agent, the skill inherently processes untrusted data from external websites, creating a surface for indirect prompt injection. The @e element reference system helps mitigate this risk by providing a structured and abstracted view of interactive elements rather than raw DOM content.
  • [SAFE]: The skill follows secure development practices, providing clear instructions for managing secrets via environment variables, redacting sensitive information from logs, and ensuring resources are released through proper session management.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 02:28 AM
Security Audit — agent-trust-hub — agent-browser