bb-browser
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a custom CLI tool
bb-browservia Bash to perform browser-based actions like navigation, form filling, and UI interaction. - [REMOTE_CODE_EXECUTION]: The
bb-browser evalcommand allows for the execution of arbitrary JavaScript within the browser context, which can be used to programmatically extract data or manipulate web applications. - [DATA_EXFILTRATION]: The skill is designed to access "private information" from internal systems and logged-in user accounts. It also provides tools to monitor network requests, posing a risk of sensitive data access.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes data from external websites without sanitization.
- Ingestion points: Data is retrieved from webpages via the
snapshot,get text, andevalcommands. - Boundary markers: There are no markers or instructions to isolate untrusted web content from the agent's logic.
- Capability inventory: The skill has access to UI automation, JavaScript execution, and screenshotting capabilities.
- Sanitization: No validation or sanitization of external content is mentioned.
Audit Metadata