Skills
skills/shawnpana/browser-use/open-source/Gen Agent Trust Hub

open-source

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation provides instructions to execute a shell script directly from the vendor's domain using a pipe to the shell (e.g., curl -fsSL https://browser-use.com/profile.sh | sh) for profile synchronization.
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to download and install external binaries, specifically the Chromium browser via uvx browser-use install, and suggests the use of third-party monitoring libraries like Laminar and OpenLIT.
  • [COMMAND_EXECUTION]: Code examples in the documentation demonstrate the use of subprocess.Popen to launch the Google Chrome browser with remote debugging enabled.
  • [PROMPT_INJECTION]: The skill documents an extensive attack surface for indirect prompt injection (Category 8).
  • Ingestion points: Untrusted data enters the agent context through tools like browser_extract_content and page.extract_content (found in references/tools.md and references/actor.md).
  • Boundary markers: The provided documentation does not explicitly detail the use of boundary markers or delimiters for the ingested web content.
  • Capability inventory: The library features documented capabilities including file system access (write_file, read_file), arbitrary JavaScript execution (page.evaluate), and shell command execution (subprocess) (found in references/tools.md and references/examples.md).
  • Sanitization: The library includes a sensitive_data feature designed to redact credentials by replacing them with placeholders before they are processed by the LLM (found in references/examples.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 04:07 PM