agent-browser
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides a legitimate and well-documented interface for browser automation, including templates for authentication, form filling, and content capture. No malicious behavior or suspicious code patterns were detected within the skill's instructions or scripts.\n- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection through its core functionality of interacting with external web content.\n
- Ingestion points: Web content is ingested into the agent context via
agent-browser snapshot,agent-browser get text, andagent-browser get html(e.g., intemplates/capture-workflow.sh).\n - Boundary markers: The provided scripts and documentation do not implement specific delimiters or instructions to treat web-derived content as untrusted data.\n
- Capability inventory: The
agent-browsertool provides extensive control over the browser, including JavaScript execution (eval), cookie management, and network request interception.\n - Sanitization: No evidence of sanitization or filtering of external content was found in the provided workflow templates.
Audit Metadata