browser-harness
Fail
Audited by Snyk on Jun 27, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The guide includes examples that embed credentials directly (e.g., BrowserUseCloud(api_key="YOUR_API_KEY") and login(page, username, password) with page.fill), which encourages the LLM/agent to accept and place secret values verbatim into code/commands, creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow connects to a live Chrome instance via CDP and then the agent navigates to user-chosen web pages, so the agent will ingest outsider-authored page text/DOM content (public web content fetched at runtime) into the LLM context through the CDP-inspected DOM/page state.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs cloning and installing remote code from https://github.com/browser-use/browser-harness.git (git clone ...; pip install -e .; python -c "import browser_harness..."), so that external repository is fetched at setup/runtime, executed/installed, and is a required dependency for the agent—posing a runtime-executed remote-code dependency.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata