agent-browser
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Utilizes the
agent-browserpackage sourced from thevercel-labsGitHub organization, which is a trusted and well-known developer entity. - [COMMAND_EXECUTION]: Employs the
agent-browsercommand-line interface to perform session management and browser-based interactions such as clicking and filling forms. - [COMMAND_EXECUTION]: Executes a local Python script via heredoc to perform connectivity diagnostics for a Browser Relay service located at
127.0.0.1. - [REMOTE_CODE_EXECUTION]: Supports dynamic execution of JavaScript within the browser environment using an
evalmechanism to facilitate structured data extraction. - [PROMPT_INJECTION]: As the skill is designed to interact with external websites, it possesses an inherent attack surface for indirect prompt injection from malicious web content.
- Ingestion points: Untrusted data enters the agent context via the
agent-browser openandsnapshotcommands. - Boundary markers: No specific delimiters or boundary warnings for external content are defined in the instructions.
- Capability inventory: The skill provides the ability to execute shell commands and perform browser interactions.
- Sanitization: There is no explicit description of sanitization or filtering for the content ingested during web browsing sessions.
Audit Metadata