browser-use

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The tool browser_run_code in SKILL.md executes arbitrary JavaScript strings. This provides a mechanism for executing code influenced by untrusted external content within the browser environment.
  • [EXTERNAL_DOWNLOADS] (LOW): The start-server.sh script uses npx to download and execute the @playwright/mcp package. The package comes from a trusted source (Microsoft), but it is requested with the @latest tag, so no version is pinned.
  • [DATA_EXFILTRATION] (HIGH): The JavaScript execution capabilities (browser_run_code, browser_evaluate) allow access to sensitive session data such as cookies, which can be exfiltrated if the agent is compromised by malicious web content.
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection.
    • Ingestion points: Web content is ingested via browser_snapshot (referenced in SKILL.md).
    • Boundary markers: None are present in the provided instructions to separate untrusted web data from agent commands.
    • Capability inventory: Includes arbitrary JavaScript execution, form submission, and navigation (documented in SKILL.md).
    • Sanitization: No sanitization of retrieved web content is implemented before it is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:59 AM