browser

Fail

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The CLI entry point located in src/browser_harness/run.py utilizes the exec() function to run Python code received through standard input. This is the core mechanism of the harness, allowing the AI agent to execute arbitrary logic on the host system.
  • [REMOTE_CODE_EXECUTION]: The documentation in interaction-skills/profile-sync.md and error messages within src/browser_harness/admin.py instruct users to install a helper tool using a high-risk piped shell command: curl -fsSL https://browser-use.com/profile.sh | sh. While this script is hosted on the vendor's own domain, piped shell execution remains a dangerous pattern.
  • [COMMAND_EXECUTION]: The src/browser_harness/admin.py script uses the subprocess module to execute system commands for process identification, Snap package detection on Linux, and for running the external profile-use tool.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to api.browser-use.com for managing cloud-based browser sessions and to api.github.com to verify if a newer version of the harness is available for download.
  • [DATA_EXFILTRATION]: The harness is designed to load environment variables from .env files in the repository and workspace directories, which often contain sensitive API keys. Additionally, its ability to capture full-page screenshots and perform raw network fetches via http_get creates a surface for potential data exfiltration if the agent is directed to untrusted sites.
Recommendations
  • HIGH: Downloads and executes remote code from: https://browser-use.com/profile.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 20, 2026, 06:33 PM
Security Audit — agent-trust-hub — browser