Skills
skills/browserbase/skills/cookie-sync/Gen Agent Trust Hub

cookie-sync

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill establishes a connection to a local browser instance via the Chrome DevTools Protocol (CDP) to extract session cookies. These cookies are then transmitted to the Browserbase cloud service (connect.browserbase.com) to populate a persistent browser context. This behavior is the primary intended purpose of the skill and is clearly documented as a means to enable authenticated browsing in the cloud.
  • [COMMAND_EXECUTION]: The main script utilizes the execSync function to execute local browser binaries (such as Chrome or Brave) with the --version flag. This is performed solely to verify compatibility and detect the installed browser version before initiating the sync process. The execution is restricted to a hardcoded list of common browser installation paths.
  • [DATA_EXFILTRATION]: The skill accesses browser profile metadata, specifically the DevToolsActivePort file, to identify the local debugging port. This file access is a functional requirement for connecting to an already running browser instance.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 06:31 AM