Context-Inappropriate Capability
Medium
- Confidence: 91%
- Finding: The command reference explicitly exposes arbitrary JavaScript execution via `agent-browser eval -b` and `agent-browser eval --stdin`, allowing unrestricted code to run in the browser context. In an agent-facing browser automation skill, this materially expands capability beyond simple navigation and form interaction, enabling DOM manipulation, data extraction, and abuse of authenticated sessions in ways that are harder to constrain or audit.
