agent-browser
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
agent-browserCLI tool from the NPM registry and uses it to download the Chromium browser. This is a standard installation process for browser automation utilities provided by well-known technology vendors. - [COMMAND_EXECUTION]: The skill relies on shell commands to control a headless browser via the
agent-browserCLI. This includes actions such as opening URLs, clicking elements, and filling forms. - [PROMPT_INJECTION]: The skill establishes an attack surface for indirect prompt injection by design.
- Ingestion points: The agent ingests untrusted content from external websites via accessibility snapshots and text extraction commands in
SKILL.md. - Boundary markers: None are explicitly defined in the instructions to separate untrusted web content from the agent's instructions.
- Capability inventory: The agent can perform network requests (navigation) and file writes (saving screenshots and PDFs) using the CLI tool as described in
SKILL.md. - Sanitization: No specific sanitization or filtering of the ingested web content is mentioned in the instructions.
Audit Metadata