docyrus-browser-cli
Warn
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
docyrus browser evalcommand allows the agent to execute arbitrary JavaScript code within the context of the active web page, which can be used to manipulate page state or initiate network requests from the browser. - [COMMAND_EXECUTION]: The
docyrus browser run-scriptcommand permits the execution of custom CDP (Chrome DevTools Protocol) scripts, providing low-level, unconstrained control over the browser instance. - [CREDENTIALS_UNSAFE]: The
docyrus browser cookiescommand provides the capability to retrieve all session cookies for a domain, which may include sensitive authentication tokens and session identifiers. - [CREDENTIALS_UNSAFE]: The
docyrus browser start --profileflag allows the automation session to use the user's local Chrome profile, potentially exposing private data such as saved passwords, history, and active sessions to the agent context. - [INDIRECT_PROMPT_INJECTION]: The skill contains a significant attack surface for indirect prompt injection by processing untrusted data from external websites.
- Ingestion points: Untrusted data enters the agent context through
docyrus browser nav,snapshot,content,console, andnetworkcommands which read page content, logs, and traffic. - Boundary markers: The skill documentation does not specify the use of delimiters or instructions to ignore embedded commands when processing web content.
- Capability inventory: The agent can perform high-impact actions based on injected instructions, including executing JavaScript (
eval), accessing session data (cookies), and interacting with elements (click,fill). - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external URLs before it is presented to the agent.
Audit Metadata