open-browser-use
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the
open-browser-useCLI and SDKs from public registries including NPM, PyPI, and Homebrew. It also includes asetup betacommand that downloads a browser extension ZIP file from the vendor's GitHub Releases. - [COMMAND_EXECUTION]: The skill utilizes several CLI commands (
obu,open-browser-use) to perform browser automation tasks, including opening tabs, navigating, executing CDP commands, and managing browser profiles. This includes aruncommand for executing action plans and anmcpserver mode. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks. It allows the agent to read and process content from external websites (via
page_info,cdp, or SDK methods). - Ingestion points: Web page content read through browser automation tools in
SKILL.mdandreferences/sdk-and-protocol.md. - Boundary markers: The instructions recommend using unique session IDs but do not specify delimiters or 'ignore' instructions for web content processing.
- Capability inventory: Subprocess calls (
obuCLI), network operations via the browser, and file chooser manipulation. - Sanitization: There are no explicit instructions for sanitizing or escaping content read from web pages before processing it in the agent's prompt.
Audit Metadata