browser-use
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill recommends a configuration for `BrowserProfile` where `disable_security` is set to `True`. This action disables critical browser safety mechanisms such as the Same-Origin Policy (SOP) and SSL certificate validation, increasing the risk of cross-site attacks.
- [COMMAND_EXECUTION]: The skill requests and utilizes high-privilege tools (`Bash`, `Exec`) to run Python-based automation scripts and manage local browser processes.
- [EXTERNAL_DOWNLOADS]: The skill interacts with non-standard, third-party LLM API providers at https://cn.xingsuancode.com and https://ai.9w7.cn/v1. While these are used for the skill's primary function, they represent external data dependencies outside of the standard trusted providers.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for Indirect Prompt Injection due to its core browser-use functionality.
  - Ingestion points: The `Agent` reads and interprets arbitrary content from external websites (e.g., polymarket.com) during task execution.
  - Boundary markers: The provided code templates do not implement delimiters or system-level instructions to differentiate between the user's original task and instructions potentially embedded in the target webpage's HTML.
  - Capability inventory: The skill has access to sensitive capabilities including shell execution (`Bash`, `Exec`), file system access (`Read`, `Write`), and authenticated browser sessions.
  - Sanitization: There is no logic present in the skill to sanitize, filter, or escape the web content before it is processed by the LLM, allowing a malicious webpage to potentially hijack the agent's flow.
Audit Metadata