browser

Pass

Audited by Gen Agent Trust Hub on May 24, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The installation process fetches well-known packages including playwright and patchright from standard registries and downloads the Chromium binary from official sources.
  • [COMMAND_EXECUTION]: The browser_tool.py script utilizes subprocess to perform setup tasks and manage the lifecycle of the browser process. This usage is restricted to local environment management for the tool's operation.
  • [PROMPT_INJECTION]: The skill acts as a conduit for web data, creating a potential surface for indirect prompt injection when the agent processes content from untrusted websites.
  • Ingestion points: Data enters the system context via accessibility trees, HTML sources, and JavaScript execution results in browser_tool.py.
  • Boundary markers: Absent. The tool does not implement specific delimiters to distinguish between web content and agent instructions.
  • Capability inventory: The tool possesses the capability to execute local commands for browser management and arbitrary JavaScript within the browser context.
  • Sanitization: Only basic truncation is applied to large outputs to manage context window limits.
  • [REMOTE_CODE_EXECUTION]: The evaluate command enables the execution of JavaScript within the controlled browser instance. While this is a standard feature of the tool, it represents a powerful execution capability within the browser environment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 24, 2026, 08:53 PM
Security Audit — agent-trust-hub — browser