browser
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The `start.js` script includes functionality to copy the user's entire local Chrome profile (including session cookies, history, and saved data) to a temporary directory when the `--profile` flag is used. This exposes the user's active logins and sensitive data to the agent and any malicious content it encounters.
- [COMMAND_EXECUTION] (HIGH): The `eval.js` tool uses the `eval()` function to execute arbitrary JavaScript provided as a command-line argument within the active browser tab. This allows the agent to perform any action a user could in the browser, including modifying page content or stealing data.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection. It is designed to navigate to and process external web content while possessing high-privilege capabilities (JS execution and session access). A malicious website could embed instructions that the agent follows, leading to the exfiltration of session cookies or unauthorized actions on sensitive accounts.
- [DYNAMIC_EXECUTION] (MEDIUM): The `eval.js` script creates an execution bridge between the agent's environment and the browser's JavaScript engine, which is a common vector for escalating simple text instructions into executable attacks.
Recommendations
- AI detected serious security threats
Audit Metadata