kaboom-browser-ai-devtools
Fail
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Installation instructions include piping remote scripts (
install.shandinstall.ps1) from a third-party GitHub repository (brennhill/Kaboom-Browser-AI-Devtools-MCP) directly into shell interpreters (e.g.,curl | bashandirm | iex). This allows an unverified source to execute arbitrary code on the system. - [EXTERNAL_DOWNLOADS]: The skill requires downloading software binaries and browser extensions from a repository that is not affiliated with the identified vendor or recognized as a trusted organization.
- [COMMAND_EXECUTION]: Manual setup instructions involve commands to change file permissions (
chmod +x) and move files into system-level directories (/usr/local/bin/), which often requires administrative access. - [PROMPT_INJECTION]: The skill's architecture is vulnerable to indirect prompt injection because it processes data from untrusted web pages while providing the agent with browser interaction tools.
- Ingestion points: Untrusted data enters the agent context via
kaboom_console_get,kaboom_network_get, andkaboom_dom_querytools. - Boundary markers: There are no markers or instructions provided to isolate captured browser data from the agent's main command flow.
- Capability inventory: The skill includes powerful tools for browser interaction such as
kaboom_browser_type,kaboom_browser_upload, andkaboom_browser_navigate. - Sanitization: No sanitization or verification of the external browser-sourced content is implemented.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/brennhill/Kaboom-Browser-AI-Devtools-MCP/STABLE/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata