agent-browser
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill consists entirely of instructional markdown and does not contain any executable code, shell commands, or obfuscated content. It focuses on providing best practices for browser-based verification tasks.
- [NO_CODE]: No scripts, configuration files, or external dependencies are included in the skill. The analysis is based solely on the provided documentation.
- [DATA_EXPOSURE]: The skill explicitly advises against security risks such as storing credentials in session logs or screenshots and recommends using programmatic authentication (API tokens) instead of UI-based logins when possible.
- [INDIRECT_PROMPT_INJECTION]: The skill involves processing untrusted external data by browsing web pages.
- Ingestion points: Web page content, HTML snapshots, console logs, and network traces described in
SKILL.md. - Boundary markers: The instructions emphasize "supervised verification" and "one click at a time" over autonomous operations, which acts as a procedural boundary.
- Capability inventory: Navigating, taking screenshots, reading console/network logs, and form filling as described in the documentation.
- Sanitization: None specified, but the skill advises against unattended automation, ensuring a human-in-the-loop approach for data interpretation.
Audit Metadata