run-agent-browser

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [DYNAMIC_EXECUTION]: The skill provides an eval command that allows the agent to execute JavaScript within the browser context. This is identified as a high-risk operation in references/safety.md, which explicitly recommends human approval and provides guidance on using read-only patterns to mitigate risks.
  • [INDIRECT_PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from the web, creating a potential surface for indirect prompt injection.
      • Ingestion points: Untrusted data enters the agent context via agent-browser snapshot, get text, and eval operations across all automation workflows.
      • Boundary markers: The tool supports AGENT_BROWSER_CONTENT_BOUNDARIES to wrap tool output in LLM-safe markers, as described in references/safety.md.
      • Capability inventory: The skill possesses significant capabilities, including arbitrary browser navigation, form interaction, file downloads, and JavaScript execution via eval.
      • Sanitization: Security is managed through user-defined AGENT_BROWSER_ACTION_POLICY files and AGENT_BROWSER_ALLOWED_DOMAINS to restrict the agent's scope and permissions.
  • [EXTERNAL_DOWNLOADS]: The documentation references the installation of the agent-browser package and Chromium binaries. These references target the vercel-labs GitHub organization, which is a trusted source.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 19, 2026, 02:36 PM