agent-browser
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
belt(andinfsh) CLI tools to perform browser actions. This command execution is explicitly constrained by theallowed-toolsconfiguration in the skill's frontmatter. - [EXTERNAL_DOWNLOADS]: The skill documentation refers to the installation of external tools including the
belt-sh/cliNode.js package and theoathtoolutility for generating TOTP codes. These are legitimate dependencies for the skill's browsing and authentication capabilities. - [PROMPT_INJECTION]: As a web-browsing agent, the skill inherently processes untrusted data from external websites, creating a surface for indirect prompt injection. The
@eelement reference system helps mitigate this risk by providing a structured and abstracted view of interactive elements rather than raw DOM content. - [SAFE]: The skill follows secure development practices, providing clear instructions for managing secrets via environment variables, redacting sensitive information from logs, and ensuring resources are released through proper session management.
Audit Metadata