browser-use

Fail

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The .claude/settings.local.json file contains permissions allowing the agent to execute defaults write:*, which provides the capability to modify system-level settings and configurations on macOS.
  • [REMOTE_CODE_EXECUTION]: The configuration file explicitly grants unrestricted access to python3:*, enabling the agent to execute arbitrary Python code on the host machine independently of the browser automation tool's constraints.
  • [DATA_EXFILTRATION]: The skill facilitates the extraction, export, and cloud-syncing of browser cookies, specifically targeting 'real' browser profiles. This functionality can expose active login sessions and sensitive authentication tokens.
  • [COMMAND_EXECUTION]: The browser-use CLI includes features for dynamic execution of JavaScript (browser-use eval) and Python (browser-use python) within the persistent browser session.
  • [PROMPT_INJECTION]: Because the skill is designed to navigate and extract data from arbitrary web pages, it possesses a significant attack surface for indirect prompt injection, where malicious content on a website could override agent instructions.
  • [REMOTE_CODE_EXECUTION]: The installation instructions suggest using uvx and uv pip to download and install the browser-use package, which involves fetching and executing code from an external registry.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — browser-use