agent-browser-upstream

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The required runtime path is Phase 1/2 generating JSON/markdown from git commit messages/bodies and diffs fetched from the upstream Git repo (vercel-labs/agent-browser) and then loaded into the agent context for Phase 3 evaluation; these are outsider-authored free text (commit messages/bodies) originating from a third-party repository.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). At runtime the skill auto-clones and fetches from the remote git URLs git@github.com:outfitter-dev/agent-browser.git and git@github.com:vercel-labs/agent-browser.git (see ensureAgentBrowserRepo and git fetch), and those fetched commits/diffs are explicitly produced "for agent consumption" (generate-diff.ts), so external repository content can directly influence agent prompts/analysis.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 01:54 PM
Issues
2
Security Audit — snyk — agent-browser-upstream