agent-browser
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the `agent-browser` CLI on the host system to perform browser automation tasks, such as opening URLs and interacting with web elements. This behavior is consistent with the skill's stated purpose of local browser verification.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by capturing and analyzing untrusted DOM content from web pages via the `snapshot` command.
  - Ingestion points: Untrusted data enters the context from webpage DOM snapshots via the `agent-browser --session verify snapshot -i` command (SKILL.md).
  - Boundary markers: The instructions do not specify delimiters or guidelines to help the agent distinguish between captured data and instructions.
  - Capability inventory: The agent can execute commands on the host system (`agent-browser`) and manage directories (`mkdir`).
  - Sanitization: No explicit sanitization or filtering of the captured content is described in the skill instructions.
Audit Metadata