docyrus-browser-cli

Warn

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The docyrus browser eval command allows the agent to execute arbitrary JavaScript code within the context of the active web page, which can be used to manipulate page state or initiate network requests from the browser.
  • [COMMAND_EXECUTION]: The docyrus browser run-script command permits the execution of custom CDP (Chrome DevTools Protocol) scripts, providing low-level, unconstrained control over the browser instance.
  • [CREDENTIALS_UNSAFE]: The docyrus browser cookies command provides the capability to retrieve all session cookies for a domain, which may include sensitive authentication tokens and session identifiers.
  • [CREDENTIALS_UNSAFE]: The docyrus browser start --profile flag allows the automation session to use the user's local Chrome profile, potentially exposing private data such as saved passwords, history, and active sessions to the agent context.
  • [INDIRECT_PROMPT_INJECTION]: The skill contains a significant attack surface for indirect prompt injection by processing untrusted data from external websites.
  • Ingestion points: Untrusted data enters the agent context through docyrus browser nav, snapshot, content, console, and network commands which read page content, logs, and traffic.
  • Boundary markers: The skill documentation does not specify the use of delimiters or instructions to ignore embedded commands when processing web content.
  • Capability inventory: The agent can perform high-impact actions based on injected instructions, including executing JavaScript (eval), accessing session data (cookies), and interacting with elements (click, fill).
  • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external URLs before it is presented to the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 24, 2026, 07:23 PM
Security Audit — agent-trust-hub — docyrus-browser-cli