browser
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The
tabz_spawn_profiletool (documented inreferences/profiles-and-plugins.md) allows the agent to execute shell commands on the host system. This is a high-risk capability that could be used to run arbitrary software or access the filesystem outside the browser context. - [REMOTE_CODE_EXECUTION]: The
tabz_execute_scripttool (documented inreferences/core-tools.md) permits the execution of arbitrary JavaScript within the context of any open browser tab. This enables the agent to manipulate web page behavior, bypass UI constraints, and access any data available to the page. - [CREDENTIALS_UNSAFE]: Multiple tools in
references/browser-data.md(tabz_cookies_get,tabz_cookies_list) grant direct access to browser cookies. This includes session and authentication cookies, which could be used to hijack user accounts. - [DATA_EXFILTRATION]: The skill provides numerous vectors for sensitive data access and exfiltration, including browsing history (
tabz_history_search), bookmarks (tabz_get_bookmark_tree), and live network traffic monitoring (tabz_get_network_requests). Thetabz_get_network_requeststool can capture API calls, including request headers and bodies which often contain secrets or personal data. - [EXTERNAL_DOWNLOADS]: The
tabz_download_filetool (documented inreferences/network-downloads.md) allows the agent to download files from arbitrary URLs to the local disk. This could be used to deliver malicious payloads to the user's system.
Audit Metadata