nodriver-browser
Warn
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The
lib/runner.pyscript usessubprocess.Popento launch the Chromium browser. The executable path is determined through a discovery process that can be overridden by environment variables (CHROMIUM_PATH,CHROME_PATH), which could be exploited if the environment is compromised. - [DATA_EXFILTRATION]: The skill includes a
--user-profileflag that allows the browser to load the user's primary Chrome profile. This grants the agent access to sensitive data such as session cookies, stored passwords, and browsing history, which could be exfiltrated if the agent is manipulated. - [DATA_EXFILTRATION]: The
scripts/upload.pytool enables the agent to upload any local file to a website. This is a powerful feature that could be abused to exfiltrate sensitive local files (e.g., SSH keys, credentials) if the agent receives malicious instructions from a visited webpage. - [REMOTE_CODE_EXECUTION]: The
scripts/eval.pyscript allows for the execution of arbitrary JavaScript expressions within the browser's context using thetab.evaluate()method. This provides an unrestricted capability to interact with and modify web pages. - [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection because its primary function is to ingest and process content from arbitrary websites (e.g., in
lib/snapshot.py). A malicious website could embed instructions designed to hijack the agent's behavior and use its interaction tools for unauthorized actions. - [COMMAND_EXECUTION]: The
lib/runner.pyscript executeslsofviasubprocess.runto identify processes holding specific network ports. While used for daemon management, this involves executing system-level diagnostic tools.
Audit Metadata