Agentic activities · Browser agent

Run a browser agent on a real career task and write the safety review

Use a free browser-use agent to research five employers in a target city. Watch what it does, where it gets confused, and where it almost did the wrong thing. Write the safety review you would give to a junior who wanted to use this tool.

About 30 minutes. Everything you write stays in your browser.

A browser agent is an AI that opens a real browser tab, clicks links, fills forms, and reads pages. The good news: it can do tedious research in five minutes that takes you an hour. The bad news: it will sometimes click the wrong thing, agree to terms, log into accounts, or leak information into search engines. This activity is about using one carefully, on a low-stakes task, and building the habit of watching what it does.

We use a research task because research is genuinely useful and almost impossible to mess up dangerously. Do not start with anything that involves a login.

Pick the agent

Free options as of 2026, in rough order of accessibility:

ChatGPT with browsing (free tier limited; works in the regular ChatGPT chat). Lowest friction. You ask, it browses, you watch.
Claude with computer use (currently API-only, paid). Skip for the workshop.
Browser-use (browser-use.com). Open source, free, but requires a setup and a paid OpenAI or Anthropic API key. Skip if you have not used a terminal.
Perplexity (perplexity.ai). Not strictly an agent, but does multi-step research with citations. Free tier good. Best choice for this activity.
Manus (manus.im). General agent platform, free tier with daily limits.

Use Perplexity for the workshop. It is free, fast, and shows its sources. The pattern of “agent does research and reports back” is identical to a more agentic system.

If you want a true browser agent, try Manus or browser-use after the workshop with a non-sensitive task.

Tool you picked + city you are researching

Not saved yet.

Write the research prompt

The prompt sets the boundaries. A loose prompt sends the agent off-target. A tight prompt produces a usable report.

Employer research prompt

You are researching potential employers for an early-career job seeker. Find me five employers in [CITY] that hire for [TARGET ROLE, e.g., Tier 1 help desk technicians or junior SOC analysts].

For each employer, return:
1. Company name and one-sentence description of what they do.
2. Approximate company size (small <100, mid 100-1000, large 1000+).
3. Whether they currently appear to have an open posting for the target role (check the company's careers page if you can).
4. The salary range publicly disclosed for the role, if any. Cite the source.
5. One thing distinctive about working there (employee reviews, recent news, or a stated workplace value), with the source.
6. Whether they appear to sponsor work visas, if you can tell.

Rules:
- Cite every claim. If you can't cite it, leave the field blank rather than guessing.
- Skip companies where the careers page is broken or unclear; do not invent.
- Do not include companies known for legally significant problems unless the news is directly relevant to the target role's working conditions.
- Format as a numbered list of five companies.

City: [your city]
Target role: [your role]

Run the prompt and watch what the agent does

Open Perplexity (or your chosen tool). Paste the prompt with your city and role filled in. Submit.

While it runs, do not switch tabs. Watch the agent’s process. Most agents show:

The searches they ran.
The pages they visited.
The sources they cited.

Note anything surprising:

A search query you would not have written.
A page it visited that does not seem relevant.
A claim it made that does not match the source it cited.

Notes on what you saw the agent do

Not saved yet.

Verify three claims yourself

Pick three specific claims from the agent’s output. For each, click the source the agent cited and read it.

Grade the claim:

Confirmed. Source supports the claim cleanly.
Stretched. Source loosely supports it but the claim is more confident than the source.
Wrong. Source does not support the claim, or the source is irrelevant.
Missing. No source given or the source link is broken.

Three verified claims

Not saved yet.

If two of three are stretched or wrong, the agent’s output is not yet usable for application decisions. Tighten the prompt with stricter citation rules and re-run.

Write the safety review

Pretend a junior on your team wants to use this same agent for the same task. Write the four-paragraph review you would give them.

Safety review prompt for AI to draft

I just ran a browser-based research agent on a real task. Help me draft a safety review I would give to a junior who wants to use the same tool. I'll give you my notes from the run.

Format:
1. What the tool does well, in 2-3 sentences. Be specific.
2. What it does badly, in 2-3 sentences. Be specific (cite the failure modes I saw).
3. Three rules a junior should follow when using this tool. Each rule is one sentence.
4. One task they should NOT use this tool for, with one sentence on why.

Rules:
- Plain language. Imagine the junior has used ChatGPT but never an agent.
- No corporate hedging. If the tool produced wrong information, say so directly.
- The review should be under 250 words.

My notes:
- Tool: [paste from step 1]
- What it did: [paste from step 3]
- Verification results: [paste from step 4]

Your safety review

Not saved yet.

Self-check: are you using this tool responsibly?

Check each one you can honestly say yes to. Saved to your browser.

I picked a low-stakes task. No login, no purchase, no form submission with personal data.
I watched the agent's process while it ran. I did not switch tabs.
I verified at least three claims against their cited sources, by clicking and reading.
I wrote a safety review I would actually hand to a coworker.
I have a clear rule for myself: tasks I will use a browser agent for, and tasks I will not.
I did not give the agent access to any account I care about (email, banking, work systems).
I know that 'agent runs unattended' is the failure mode, not the feature.

What to watch for

Hallucinated sources. Some agents fabricate URLs or cite a real URL whose content does not match the claim. The verification step is not optional.
Login confusion. Some agents (Manus, browser-use) can log into sites if you give them credentials. Never give them work credentials. Never give them anything you would not give a stranger.
Action taking, not just reading. Most “browser agents” can submit forms, click buy buttons, post to social media. Read the tool’s documentation about what kinds of actions it will and will not take by default. Confirm before allowing any action-taking task.
Privacy at the agent vendor. Your prompts, the pages the agent visits on your behalf, and the answers it gives are processed at the vendor (Perplexity, OpenAI, Anthropic, Manus). Treat that as you would treat any cloud service: do not include sensitive personal data.
Agent costs scale fast. A research task that takes 50 page-views and 30 LLM calls can burn $0.50-$2.00 in API costs on paid platforms. Free tiers cap this; paid tiers do not unless you set a budget. Set a budget if you go paid.
The right task for an agent today is research, not action. Many “agentic” tools advertise capabilities that work 70% of the time. 70% is unacceptable for any task where the wrong action has cost. Research is forgiving; “apply to this job for me” is not.