Skills
skills/matrixy/agent-browser/vercel-sandbox/Gen Agent Trust Hub

vercel-sandbox

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's implementation for browser automation introduces an indirect prompt injection surface where untrusted data from processed websites could influence agent behavior.
  • Ingestion points: The url and data parameters in the screenshotUrl, snapshotUrl, and fillAndSubmitForm functions.
  • Boundary markers: None are utilized in the prompt templates or command construction within the provided example code.
  • Capability inventory: The skill uses sandbox.runCommand to perform a wide range of browser interactions (open, click, fill, wait) and execute shell commands inside the microVM environment.
  • Sanitization: The patterns do not demonstrate sanitization or escaping of the input data before it is passed to the sandbox commands.
  • [EXTERNAL_DOWNLOADS]: Downloads the @vercel/sandbox package from the official NPM registry and installs Chromium system dependencies via dnf within the microVM. These resources are retrieved from well-known and trusted providers.
  • [COMMAND_EXECUTION]: Employs sandbox.runCommand to execute setup and automation tasks (e.g., dnf install, npm install, agent-browser) within an ephemeral and isolated Linux microVM.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 02:13 PM