browser
Fail
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The CLI entry point located in
src/browser_harness/run.pyutilizes theexec()function to run Python code received through standard input. This is the core mechanism of the harness, allowing the AI agent to execute arbitrary logic on the host system. - [REMOTE_CODE_EXECUTION]: The documentation in
interaction-skills/profile-sync.mdand error messages withinsrc/browser_harness/admin.pyinstruct users to install a helper tool using a high-risk piped shell command:curl -fsSL https://browser-use.com/profile.sh | sh. While this script is hosted on the vendor's own domain, piped shell execution remains a dangerous pattern. - [COMMAND_EXECUTION]: The
src/browser_harness/admin.pyscript uses thesubprocessmodule to execute system commands for process identification, Snap package detection on Linux, and for running the externalprofile-usetool. - [EXTERNAL_DOWNLOADS]: The skill performs network requests to
api.browser-use.comfor managing cloud-based browser sessions and toapi.github.comto verify if a newer version of the harness is available for download. - [DATA_EXFILTRATION]: The harness is designed to load environment variables from
.envfiles in the repository and workspace directories, which often contain sensitive API keys. Additionally, its ability to capture full-page screenshots and perform raw network fetches viahttp_getcreates a surface for potential data exfiltration if the agent is directed to untrusted sites.
Recommendations
- HIGH: Downloads and executes remote code from: https://browser-use.com/profile.sh - DO NOT USE without thorough review
Audit Metadata