agent-browser
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a legitimate browser automation tool. It correctly guides users to avoid hardcoding credentials and instead use environment variables (e.g., APP_USERNAME, APP_PASSWORD) within its shell script templates.
- [EXTERNAL_DOWNLOADS]: The documentation links to installation instructions for the vendor's CLI tool hosted on their official GitHub repository (https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md). This is a standard reference to vendor-provided resources.
- [DYNAMIC_EXECUTION]: The skill includes an `execute` function that allows the agent to run JavaScript on the currently opened web page. This is a primary feature for advanced web scraping and DOM interaction and is restricted to the browser context.
- [PROMPT_INJECTION]: The skill acts as an interface for web browsing, meaning it processes untrusted data from external websites.
  - Ingestion points: The `open`, `snapshot`, and `interact` functions in SKILL.md ingest data from external web pages into the agent's context.
  - Boundary markers: The provided templates do not implement specific boundary markers to isolate web content from agent instructions.
  - Capability inventory: The skill utilizes `Bash(belt *)` for service interaction and can execute JavaScript in the browser via the `execute` function.
  - Sanitization: No explicit sanitization or filtering of web page content is performed before returning it to the agent. While this presents an indirect prompt injection surface, it is a standard risk for browser agents and is handled here with safe architectural patterns.
Audit Metadata