browser-max-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Dynamic Execution (MEDIUM): The browser_run_code tool allows the agent to execute arbitrary JavaScript within the browser context. This provides a high-impact vector for data exfiltration (e.g., stealing session cookies) if the agent is manipulated.
  • Command Execution (MEDIUM): Setup instructions guide users to enable the Chrome DevTools Protocol (CDP) on port 9222. An exposed debugging port can be exploited by local malicious processes to seize control of the browser.
  • Unverifiable Dependencies & Remote Code Execution (LOW): The skill uses npx @playwright/mcp@latest for its core functionality. While Playwright is a trusted project by Microsoft, executing unversioned code from a public registry at runtime remains a potential supply-chain concern.
  • Indirect Prompt Injection (LOW): Because the tool navigates to untrusted external websites and processes their content via browser_snapshot, it is susceptible to indirect prompt injection attacks where malicious web content attempts to control the agent's browser actions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:06 PM