browser-use
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The browser-use python command allows for the execution of arbitrary Python code within a persistent execution environment.
- [REMOTE_CODE_EXECUTION]: The browser-use eval command enables the execution of arbitrary JavaScript within the browser context.
- [DATA_EXFILTRATION]: The skill provides commands such as cookies export and profile sync that facilitate the extraction and synchronization of sensitive browser data, including session tokens and authentication cookies.
- [COMMAND_EXECUTION]: The browser-use tunnel command allows for exposing local development ports to the public internet via Cloudflare's tunneling service.
- [DATA_EXFILTRATION]: The browser-use screenshot command enables capturing visual data of the browser's current state and saving it to the local filesystem.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection vulnerabilities.
  - Ingestion points: Processes untrusted external data from websites via the open and state commands.
  - Boundary markers: No specific boundary markers or 'ignore' instructions are provided for processed web content.
  - Capability inventory: Includes high-impact tools for Python execution, JavaScript execution, and network tunneling.
  - Sanitization: There is no evidence of sanitization or filtering of ingested web content before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata