notte-browser
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill supports the creation and remote execution of Python scripts via the 'notte functions create' and 'notte functions run' commands, allowing users to run arbitrary code on the Notte platform.
- [COMMAND_EXECUTION]: The 'notte page eval-js' command enables the execution of arbitrary JavaScript within the context of an automated browser session.
- [CREDENTIALS_UNSAFE]: The skill includes a vault system for managing sensitive credentials, including passwords and MFA (TOTP) secrets, to facilitate automated logins and identity management.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted web content via browser observation and scraping tools.
- Ingestion points: Web pages accessed during automation sessions via 'notte page scrape' and 'notte page observe'.
- Boundary markers: No specific delimiters or safety instructions are documented to isolate scraped content from system instructions.
- Capability inventory: Extensive browser interaction, file storage access, and remote function execution.
- Sanitization: No explicit sanitization or filtering of external content before processing is mentioned in the documentation.
Audit Metadata