tabz-browser
Fail
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill facilitates access to sensitive browser data through tools like 'tabz_cookies_get' and 'tabz_cookies_list' which can retrieve session identifiers and authentication tokens.
- [DATA_EXFILTRATION]: 'tabz_get_network_requests' can capture full network traffic details, including authentication headers and response bodies containing PII or secrets.
- [COMMAND_EXECUTION]: The 'tabz_execute_script' function allows for the execution of arbitrary JavaScript code within the browser context, which could be used to perform unauthorized actions or bypass client-side security.
- [DATA_EXFILTRATION]: Broad browser inspection tools like 'tabz_get_dom_tree' and 'tabz_screenshot' enable the agent to extract and potentially exfiltrate any data visible or embedded within a webpage.
- [PROMPT_INJECTION]: Indirect injection risk detected. Ingestion points: 'tabz_get_dom_tree', 'tabz_get_console_logs', and 'tabz_get_network_requests' (SKILL.md, network-debugging.md). Boundary markers: Absent. Capability inventory: 'tabz_execute_script', 'tabz_fill', 'tabz_click', 'tabz_cookies_get' across all scripts. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata