agent-browser

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Utilizes the agent-browser package sourced from the vercel-labs GitHub organization, which is a trusted and well-known developer entity.
  • [COMMAND_EXECUTION]: Employs the agent-browser command-line interface to perform session management and browser-based interactions such as clicking and filling forms.
  • [COMMAND_EXECUTION]: Executes a local Python script via heredoc to perform connectivity diagnostics for a Browser Relay service located at 127.0.0.1.
  • [REMOTE_CODE_EXECUTION]: Supports dynamic execution of JavaScript within the browser environment using an eval mechanism to facilitate structured data extraction.
  • [PROMPT_INJECTION]: As the skill is designed to interact with external websites, it possesses an inherent attack surface for indirect prompt injection from malicious web content.
  • Ingestion points: Untrusted data enters the agent context via the agent-browser open and snapshot commands.
  • Boundary markers: No specific delimiters or boundary warnings for external content are defined in the instructions.
  • Capability inventory: The skill provides the ability to execute shell commands and perform browser interactions.
  • Sanitization: There is no explicit description of sanitization or filtering for the content ingested during web browsing sessions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 07:33 PM
Security Audit — agent-trust-hub — agent-browser