anti-detect-browser
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the anti-detect-browser NPM package and retrieves browser fingerprint data from vendor-managed APIs at antibrow.com.
- [COMMAND_EXECUTION]: Provides instructions for running the service as an MCP server using npx to execute the vendor's package.
- [DATA_EXFILTRATION]: Includes a liveView feature that streams active browser session visuals to the vendor's remote dashboard at antibrow.com for real-time monitoring.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing external web content via navigate and get_content tools. Ingestion points: navigate, get_content, evaluate; Capability inventory: Arbitrary JavaScript execution (evaluate), file-system persistence (profiles), network communication; Sanitization: None documented; Boundary markers: None documented.
Audit Metadata