open-browser-use

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the open-browser-use CLI and SDKs from public registries including NPM, PyPI, and Homebrew. It also includes a setup beta command that downloads a browser extension ZIP file from the vendor's GitHub Releases.
  • [COMMAND_EXECUTION]: The skill utilizes several CLI commands (obu, open-browser-use) to perform browser automation tasks, including opening tabs, navigating, executing CDP commands, and managing browser profiles. This includes a run command for executing action plans and an mcp server mode.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks. It allows the agent to read and process content from external websites (via page_info, cdp, or SDK methods).
  • Ingestion points: Web page content read through browser automation tools in SKILL.md and references/sdk-and-protocol.md.
  • Boundary markers: The instructions recommend using unique session IDs but do not specify delimiters or 'ignore' instructions for web content processing.
  • Capability inventory: Subprocess calls (obu CLI), network operations via the browser, and file chooser manipulation.
  • Sanitization: There are no explicit instructions for sanitizing or escaping content read from web pages before processing it in the agent's prompt.
Audit Metadata
Risk Level
SAFE
Analyzed
May 28, 2026, 09:53 AM
Security Audit — agent-trust-hub — open-browser-use