agent-browser

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFENO_CODE
Full Analysis
  • [SAFE]: The skill consists entirely of instructional markdown and does not contain any executable code, shell commands, or obfuscated content. It focuses on providing best practices for browser-based verification tasks.
  • [NO_CODE]: No scripts, configuration files, or external dependencies are included in the skill. The analysis is based solely on the provided documentation.
  • [DATA_EXPOSURE]: The skill explicitly advises against security risks such as storing credentials in session logs or screenshots and recommends using programmatic authentication (API tokens) instead of UI-based logins when possible.
  • [INDIRECT_PROMPT_INJECTION]: The skill involves processing untrusted external data by browsing web pages.
  • Ingestion points: Web page content, HTML snapshots, console logs, and network traces described in SKILL.md.
  • Boundary markers: The instructions emphasize "supervised verification" and "one click at a time" over autonomous operations, which acts as a procedural boundary.
  • Capability inventory: Navigating, taking screenshots, reading console/network logs, and form filling as described in the documentation.
  • Sanitization: None specified, but the skill advises against unattended automation, ensuring a human-in-the-loop approach for data interpretation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 10:55 AM
Security Audit — agent-trust-hub — agent-browser