Skills
skills/liuzhengdongfortest/codestable/browser-bridge/Gen Agent Trust Hub

browser-bridge

Fail

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The skill provides explicit functionality to extract cookies from any URL. The background.js script in the Chrome extension includes a handleCookies function that utilizes the chrome.cookies.getAll API to retrieve all cookies, which are then passed back through the bridge to the CLI/Python environment.
  • [COMMAND_EXECUTION]: The extension and bridge allow for the execution of arbitrary JavaScript in any browser tab. This is facilitated via the exec command in browser.py and implemented using chrome.scripting.executeScript and the high-privilege chrome.debugger (CDP) API in background.js.
  • [REMOTE_CODE_EXECUTION]: The bridge architecture in TMWebDriver.py starts a WebSocket server and an HTTP server on the local machine. This allows any process (including the AI agent) to send and execute code within the browser context. The execute_js method serves as a remote execution interface to the browser's scripting environment.
  • [EXTERNAL_DOWNLOADS]: The skill's documentation (SKILL.md) instructs users to manually install external Python dependencies including bs4, simple-websocket-server, bottle, and requests using pip.
  • [PRIVILEGE_ESCALATION]: The Chrome extension manifest requests extremely broad permissions (cookies, debugger, management, scripting, and <all_urls>). Crucially, background.js proactively strips Content-Security-Policy and Content-Security-Policy-Report-Only headers from all network responses using the declarativeNetRequest API, which removes a critical layer of browser defense for the user.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 6, 2026, 01:20 AM