bridgic-browser
Fail
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation script 'scripts/install-deps.sh' fetches the official 'uv' installation script from Astral's domain ('astral.sh').\n- [REMOTE_CODE_EXECUTION]: The skill pipes a remote installer from 'astral.sh' directly to the shell ('sh' or 'powershell'). This pattern is used for installing the 'uv' package manager from a well-known and trusted source.\n- [COMMAND_EXECUTION]: Uses the 'uv run' and 'playwright' CLI tools to install dependencies, manage the runtime environment, and control the browser.\n- [DATA_EXFILTRATION]: The skill manages persistent browser profiles, including cookies and local storage, stored in the user directory ('~/.bridgic/bridgic-browser/user_data/'). This is standard behavior for maintaining login sessions in browser automation and does not constitute unauthorized exfiltration.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when processing web pages. Evidence Chain: 1. Ingestion points: Untrusted web content enters via 'open' and 'snapshot' commands. 2. Boundary markers: No explicit delimiters are defined to separate instructions from content. 3. Capability inventory: Includes 'eval' for JavaScript execution, 'fill' for data input, and 'screenshot' for capture. 4. Sanitization: No sanitization of web content is performed before processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata