Agent Browser
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `agent-browser` package from npm or clone it from the official Vercel Labs GitHub repository. These are identified as trusted sources.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes content from arbitrary URLs.
  - Ingestion points: Web content is ingested via `agent-browser snapshot` and `agent-browser get text`.
  - Boundary markers: None are present to prevent the agent from following instructions embedded in web pages.
  - Capability inventory: The skill allows for JavaScript execution (eval), session management (state save/load), and file uploads, which could be abused if an injection occurs.
  - Sanitization: No content sanitization is described.
- [CREDENTIALS_UNSAFE]: The skill includes commands like `agent-browser cookies` and `agent-browser state save auth.json` that allow the agent to read and export session tokens and cookies. While necessary for browser automation, these represent a high-value target for data exfiltration.
- [COMMAND_EXECUTION]: The skill utilizes a powerful `eval` command which permits the execution of arbitrary JavaScript within the browser context, providing extensive control over the web environment.
Audit Metadata