High-risk tools in Browser Automation
6 of the 13 tools in Browser Automation are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- agent_browser_run (Execute, 3/5): Run a low-level browser command. Use over Stagehand when you need precise, deterministic control — element-by-ref interactions, DOM inspection, network debugging, JS evaluation....
- stagehand_act (Execute, 2/5): Perform a single action on the page (e.g., click, type).
- stagehand_agent (Execute, 3/5): Execute a task autonomously using Stagehand agent in hybrid mode. The agent uses both DOM-based and coordinate-based actions for maximum reliability.
- stagehand_navigate (Execute, 3/5): Navigate to a URL in the browser. Only use this tool with URLs you're confident will work and be up to date. Otherwise, use https://google.com as the starting point. Sup...
- stagehand_run_script (Execute, 4/5): Run a Stagehand script file (default export from defineScript) against the current browser session. Returns {status: "passed"|"failed", durationMs}. On failure also ...
- stagehand_scenario (Execute, 3/5): Execute a multi-step test scenario (arrange/act/assert) using the Stagehand agent. Returns structured pass/fail/blocked results per assert step.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
Enforce policy on Browser Automation
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init