agent-browser

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the belt CLI tool to perform all browser operations. The provided templates and documentation also reference infsh, which serves as a functional alias for the belt command provided by the vendor. These tools are used for legitimate browser session management and interaction.
  • [PROMPT_INJECTION]: The skill has an inherent attack surface for indirect prompt injection because it processes untrusted data from the web without explicit boundary markers.
      • Ingestion points: External data enters the agent's context through browser functions such as open, snapshot, and execute (which returns page content or JavaScript results).
      • Boundary markers: None are present; the skill instructions do not provide specific markers to help the agent differentiate between its own directives and the content of the web pages it is browsing.
      • Capability inventory: The skill provides high-privilege capabilities within the browser context, including arbitrary JavaScript execution (execute), navigation (open/goto), and comprehensive element interaction (interact).
      • Sanitization: No content sanitization or instruction-filtering is performed on the data retrieved from the browser before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 03:02 PM
Security Audit — agent-trust-hub — agent-browser