chrome-browser
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the Google Chrome binary from its standard macOS path to launch a dedicated instance with remote debugging and profile isolation enabled. It also utilizes
launchctlto install a persistent user-level LaunchAgent, ensuring the browser is available across sessions. - [EXTERNAL_DOWNLOADS]: Setup instructions recommend using
npxto download and run the@playwright/mcppackage, a well-known library for browser automation developed by Microsoft. - [PROMPT_INJECTION]: The skill enables an indirect prompt injection surface by allowing an agent to navigate and ingest arbitrary web content.
- Ingestion points: External data is read into the agent context via browser navigation and snapshot capabilities.
- Boundary markers: No specific delimiters or isolation instructions are implemented in the provided configuration scripts.
- Capability inventory: The system allows for full browser control, including interaction with web elements and local network communication on the CDP port.
- Sanitization: Web content is processed directly from the browser output without additional sanitization or filtering layers.
Audit Metadata