agentic-browser

The browser extension uses `new Function(action.script)` in its `EXECUTE_SCRIPT` handler (in `extension/entrypoints/background.ts`). This allows arbitrary JavaScript code, generated by the AI agent, to be executed directly within the context of any web page visited by the user. Given that the extension has `<all_urls>` host permissions, this presents a critical security vulnerability. A compromised or misaligned AI model could inject malicious scripts, leading to cross-site scripting (XSS), data exfiltration, or other severe attacks on any website the user is browsing. Additionally, sensitive credentials (like PyJIIT login information) are stored in browser local storage, which, while segregated by extension, is not as secure as dedicated secrets management and could be compromised if the browser profile is breached. A Google OAuth client ID is hardcoded, which is a minor issue as it's typically public, but still less flexible than configuration.