browser-harness

Fail

Audited by Snyk on Jun 29, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The guide includes examples that embed credentials directly (e.g., BrowserUseCloud(api_key="YOUR_API_KEY") and login(page, username, password) with page.fill), which encourages the LLM/agent to accept and place secret values verbatim into code/commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow connects to a live Chrome instance via CDP and then the agent navigates to user-chosen web pages, so the agent will ingest outsider-authored page text/DOM content (public web content fetched at runtime) into the LLM context through the CDP-inspected DOM/page state.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs cloning and installing remote code from https://github.com/browser-use/browser-harness.git (git clone ...; pip install -e .; python -c "import browser_harness..."), so that external repository is fetched at setup/runtime, executed/installed, and is a required dependency for the agent—posing a runtime-executed remote-code dependency.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 29, 2026, 05:45 AM
Issues
3
Security Audit — snyk — browser-harness