dev-browser
Warn
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes dynamically generated TypeScript code on the local host using 'npx tsx' and launches local servers via shell scripts like 'server.sh'.\n- [EXTERNAL_DOWNLOADS]: Directs users to download and install a browser extension from a third-party GitHub repository (github.com/SawyerHood/dev-browser/releases) that is not associated with a trusted vendor.\n- [DATA_EXFILTRATION]: The 'Extension Mode' grants the agent access to the user's active, logged-in browser sessions, providing visibility into private account data and session cookies.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of external web content.\n
- Ingestion points: Data enters the agent's context from untrusted websites via 'page.goto', 'page.textContent', and 'client.getAISnapshot'.\n
- Boundary markers: No explicit delimiters or isolation instructions are used to prevent the agent from executing instructions found within the scraped web content.\n
- Capability inventory: The agent has the ability to execute shell commands, interact with the user's browser, and capture screenshots.\n
- Sanitization: There is no evidence of sanitization or filtering of external data before it is processed.
Audit Metadata