chrome-use
Fail
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and execute a shell script from a remote URL (
https://raw.githubusercontent.com/leeguooooo/chrome-use/main/install.sh) by piping it directly to the shell (| sh). This allows for arbitrary code execution on the host machine during the installation process. - [EXTERNAL_DOWNLOADS]: The skill dynamically fetches additional workflow content and command references at runtime using
chrome-use skills get core. This means the agent's behavior is guided by instructions hosted externally that are not included in the static analysis of the skill itself. - [COMMAND_EXECUTION]: The skill requires the use of shell commands (via
Bash) to install the tool, manage its configuration, and perform browser automation tasks. - [INDIRECT_PROMPT_INJECTION]: Because the skill is designed for browser automation (interacting with websites, filling forms, and scraping data), it naturally ingests untrusted data from the web. This creates a risk where malicious content on a webpage could contain instructions that redirect the agent's behavior.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/leeguooooo/chrome-use/main/install.sh - DO NOT USE without thorough review
Audit Metadata