cdp-bridge-mcp-browser-control
Warn
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The browser_cookies tool allows the agent to read active session cookies and authentication tokens for the current domain. This enables access to sensitive credentials that could be used for session hijacking.
- [REMOTE_CODE_EXECUTION]: The skill provides the browser_execute_js tool, which allows for the execution of arbitrary JavaScript within the browser context. This capability can be used to interact with authenticated web sessions on the user's behalf.
- [COMMAND_EXECUTION]: The installation process involves the command uvx cdp-bridge@latest, which downloads and runs code from the PyPI repository. This creates a dependency on an external package registry and its content.
- [DATA_EXFILTRATION]: Access to session cookies via browser_cookies combined with general agent capabilities creates a risk surface where sensitive session data could be sent to external destinations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the browser_scan tool.
  - Ingestion points: browser_scan processes content from external websites.
  - Boundary markers: The skill filters scripts and styles but lacks explicit instructions to ignore embedded directives in the page content.
  - Capability inventory: The skill has the ability to execute JavaScript, read cookies, and navigate to URLs.
  - Sanitization: Content is cleaned to remove non-text elements (scripts/styles), but the semantic meaning of the text is preserved for the agent.