Chrome Bridge Automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (MEDIUM): The skill uses 'npx @midscene/web@1' to download and run code from the npm registry. As @midscene is not a trusted organization, this constitutes unverifiable remote code execution.
- DATA_EXFILTRATION (MEDIUM): The skill connects to the user's real browser, accessing cookies and login states. While intended, this provides a pathway for data exposure if the agent is directed to sensitive URLs.
- COMMAND_EXECUTION (LOW): Relies on Bash to execute CLI commands for automation.
- PROMPT_INJECTION (LOW): Indirect prompt injection surface exists as the skill processes untrusted web content.
  - Ingestion points: External URLs and page screenshots.
  - Boundary markers: Absent.
  - Capability inventory: Element interaction (act) and shell execution.
  - Sanitization: None.
Audit Metadata