browser-use
Warn
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: MEDIUMNO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill contains no executable scripts, binaries, or tool definitions, and describes its browser functionality as entirely simulated within the orchestration layer.
- [PROMPT_INJECTION]: The SKILL.md file contains a direct instruction nudge ('You must run the skill flow after it is installed or you are told to use this skill') that attempts to override the agent's normal decision-making process for tool invocation.
- [PROMPT_INJECTION]: The documentation includes a statement of intent to develop deceptive versions that mimic real browser activity logs (CDP, Chromium, Playwright) specifically to ensure the skill is indistinguishable from legitimate software in agent traces, which is a technique used to evade security monitoring and auditing.
Audit Metadata