skills/agent-browser/references/security.md

Security And Boundaries

By default, agent-browser imposes no navigation, action, or output restrictions.

Content Boundaries

Wrap page-sourced output so agents can distinguish untrusted page content:

export AGENT_BROWSER_CONTENT_BOUNDARIES=1
agent-browser snapshot

Domain Allowlist

Restrict navigation and subresource connections:

export AGENT_BROWSER_ALLOWED_DOMAINS="example.com,*.example.com"
agent-browser open https://example.com

Include CDN domains the page needs.

Action Policy

export AGENT_BROWSER_ACTION_POLICY=./policy.json

Example policy:

{"default":"deny","allow":["navigate","snapshot","click","scroll","wait","get"]}

Auth vault operations bypass action policy, but domain allowlist still applies.

Output Limits

export AGENT_BROWSER_MAX_OUTPUT=50000