Browser automation servers are among the highest-capability and highest-risk tools in an agent stack. They give agents real-world reach — filling forms, clicking buttons, extracting dynamic content — but also expose the agent environment to prompt injection from adversarial web content. Assessment focus areas: whether filesystem or credential access is properly scoped, how session state is managed across calls, and whether destructive browser actions (form submission, downloads) carry appropriate annotations.
No assessed servers in this category yet.
Submit a server for assessment.
Missing a server? Submit it for assessment.
How scores are calculated →