browser-tools
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The browser-cookies.js script extracts and displays all cookies for the current session, including httpOnly and secure tokens, which allows for session hijacking.
- [Data Exposure & Exfiltration] (HIGH): The browser-start.js script includes a --profile flag that uses rsync to clone the user's actual Chrome profile (including cookies, history, and stored logins) into a cache directory, creating a duplicate of sensitive data in an unmanaged location.
- [Dynamic Execution] (MEDIUM): The browser-eval.js script uses the AsyncFunction constructor to execute arbitrary JavaScript code in the browser context. While restricted to the browser, this can be used to exfiltrate page data or perform actions on behalf of the user.
- [Indirect Prompt Injection] (LOW): The skill possesses a significant attack surface for indirect prompt injection via browser-content.js and browser-pick.js, which ingest untrusted web data without boundary markers or sanitization.
- [Command Execution] (LOW): The browser-start.js script uses execSync and spawn to manage browser processes and profile directories, representing a sensitive capability for an AI agent.
Recommendations
- AI detected serious security threats
Audit Metadata