agent-browser-upstream
Warn
Audited by Snyk on Jun 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required runtime path is Phase 1/2 generating JSON/markdown from git commit messages/bodies and diffs fetched from the upstream Git repo (vercel-labs/agent-browser) and then loaded into the agent context for Phase 3 evaluation; these are outsider-authored free text (commit messages/bodies) originating from a third-party repository.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). At runtime the skill auto-clones and fetches from the remote git URLs git@github.com:outfitter-dev/agent-browser.git and git@github.com:vercel-labs/agent-browser.git (see ensureAgentBrowserRepo and git fetch), and those fetched commits/diffs are explicitly produced "for agent consumption" (generate-diff.ts), so external repository content can directly influence agent prompts/analysis.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata