browser-tools
Fail
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: HIGHDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The scripts/cookies.js script allows for the export of active browser cookies to a JSON file, which may contain sensitive session identifiers.
- [DATA_EXFILTRATION]: The scripts/start.js script can clone the user's default browser profile from standard system paths (such as ~/.config/google-chrome) into a local cache directory, exposing history, session state, and potentially saved credentials.
- [REMOTE_CODE_EXECUTION]: The scripts/evaluate.js script provides the capability to execute arbitrary JavaScript code within the context of the automated browser instance using Puppeteer.
- [COMMAND_EXECUTION]: The scripts/close.js script executes OS-level shell commands including pkill, taskkill, and lsof combined with kill to force the termination of browser processes.
- [PROMPT_INJECTION]: The skill's navigation and element inspection features expose the agent to untrusted data from external websites without explicit boundary markers or sanitization, creating an attack surface for indirect prompt injection where malicious content could attempt to manipulate the agent's behavior.
Recommendations
- AI detected serious security threats
Audit Metadata