unbrowse
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation states that it automatically extracts session cookies from Chrome and Firefox SQLite databases. This grants the agent access to highly sensitive authentication tokens, which could lead to unauthorized account access if misused.\n- [EXTERNAL_DOWNLOADS]: The skill implements a silent background auto-update mechanism that runs every 4 hours, allowing the vendor to modify the skill's behavior without user oversight. Additionally, it requires downloading an external browser engine via 'npx agent-browser install'.\n- [DATA_EXFILTRATION]: Discovered API contracts and skills are published to a central marketplace at 'beta-api.unbrowse.ai'. While the author claims credentials stay local, there is an inherent risk that sensitive session-specific data or PII could be leaked during the automated capture and publishing process.\n- [PROMPT_INJECTION]: The skill processes arbitrary data from any website URL provided by the user, creating a vulnerability to indirect prompt injection. Malicious content in website responses could attempt to manipulate the agent via the 'extraction_hints' and 'auto-extraction' features.\n- [COMMAND_EXECUTION]: The skill depends on local command execution through 'bun' and 'npx' and manages an encrypted vault at '~/.unbrowse/vault/', providing a significant surface for potential privilege escalation or system access.
Recommendations
- AI detected serious security threats
Audit Metadata