browser-history
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- DATA_EXFILTRATION (HIGH): Accesses sensitive Arc browser history databases, exposing private user activity to the agent context.
- COMMAND_EXECUTION (HIGH): Utilizes Bash to execute local scripts for database operations.
- PROMPT_INJECTION (HIGH): Highly vulnerable to Indirect Prompt Injection (Category 8). Malicious titles could hijack agent behavior.
  - Ingestion: Untrusted web page titles and URLs from browser history.
  - Boundary Markers: None detected in instructions.
  - Capability Inventory: Bash and Read tools.
  - Sanitization: No evidence of sanitizing external page titles before processing.
Recommendations
- AI detected serious security threats