agent-browser
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the agent-browser CLI from NPM and fetches additional skill definitions using the tool. These resources originate from a well-known service and are central to the skill's purpose.
- [COMMAND_EXECUTION]: Shell commands are used to verify the environment, install the CLI tool, and launch Google Chrome with specific debugging flags. This is standard for browser automation tasks.
- [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection through browser automation. Evidence Chain:
  1. Ingestion points: Page title, URL, and HTML snapshot (SKILL.md).
  2. Boundary markers: Explicit Safety Rules section with instructions to ignore embedded commands.
  3. Capability inventory: Browser automation (navigation, clicking, typing) and file_write (SKILL.md).
  4. Sanitization: Explicit instructions to treat page content as untrusted evidence rather than instructions.
- [DATA_EXFILTRATION]: Network activity is localized to communication with the Chrome DevTools Protocol (CDP) on 127.0.0.1. No suspicious external data transfers were identified.
Audit Metadata