functions
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: Instructs users to store sensitive API keys and project IDs in a local
.envfile for authentication. - [EXTERNAL_DOWNLOADS]: Downloads the official
@browserbasehq/sdk-functionsandplaywright-corepackages from the NPM registry to enable automation capabilities. - [COMMAND_EXECUTION]: Uses the vendor's
bbCLI tool to initialize projects, start a local development server, and publish automation code to the cloud. - [DATA_EXFILTRATION]: Performs network requests to
api.browserbase.comto manage function deployments and retrieve task results. - [PROMPT_INJECTION]: Vulnerable to indirect prompt injection via the browser automation engine which can load arbitrary external content.
- Ingestion points: Ingests untrusted data when navigating the browser to URLs provided through input parameters in
index.ts. - Boundary markers: The skill does not implement delimiters or instructions to ignore embedded commands within the content of navigated web pages.
- Capability inventory: Supports comprehensive browser control (navigation, interaction, extraction) and communication with the platform's API.
- Sanitization: The provided examples do not demonstrate validation or sanitization of input URLs or parameters before they are used in browser operations.
Audit Metadata