website-debug
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): The browser-start.js script uses rsync to clone the user's entire Chrome profile folder (e.g., from Library/Application Support/Google/Chrome) to a local cache directory (~/.cache/website-debug) when the --profile flag is used. This exposes highly sensitive session data, cookies, and history to any process that can read the cache.
- [COMMAND_EXECUTION] (LOW): The toolkit uses execSync and spawn to run system commands including rsync, killall, and pkill for managing browser instances.
- [CREDENTIALS_UNSAFE] (MEDIUM): The profile synchronization mechanism explicitly targets and copies user authentication data and session tokens.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection. Ingestion points: browser-dom.js (DOM content), browser-console.js (logs), and browser-network.js (traffic). Boundary markers: Absent. Capability inventory: browser-eval.js (executes JS), browser-nav.js (navigation), browser-start.js (process management). Sanitization: Absent. Malicious websites can embed instructions in HTML or console logs to manipulate the agent's behavior during a debugging session.
Audit Metadata