agent-browser
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes an agent that visits and processes content from arbitrary web pages, creating a vulnerability to indirect prompt injection.
- Ingestion points: The agent ingests data from external URLs provided during the intake phase or encountered during navigation (PHASE 1, SKILL.md).
- Boundary markers: Absent. There are no instructions or delimiters provided to help the agent distinguish between its own system instructions and potentially malicious instructions found on a web page.
- Capability inventory: The agent can execute JavaScript using
eval, take screenshots, and interact with web elements (SKILL.md, Command Reference). - Sanitization: No sanitization or filtering of the web content is mentioned before the agent processes it.
- [COMMAND_EXECUTION]: The instructions explicitly direct the agent to use
evalfor executing JavaScript code within the browser context. - Evidence: The rules section states:
NEVER use javascript "..." — JS execution is eval "JS code". - This capability provides a high level of control over the browser environment, which could be abused if the agent is influenced by malicious third-party content.
Audit Metadata