High-risk tools in Browser
5 of the 33 tools in Browser are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
browser_execute_scriptExecuteExecute JavaScript code in the context of the current page. Returns the result.
-
browser_hoverExecuteHover over an element to trigger tooltips, dropdown menus, or hover states. Supports CSS and text selectors.
-
browser_navigateExecuteNavigate the active browser tab to a URL. Reuses the current tab by default (no tab spam). Pass new_tab=true only when you need to keep the current page open.
-
browser_waitExecuteWait for an element to appear on the page. Supports CSS and text-based selectors.
-
browser_wait_for_networkExecuteWait for a network request to complete. Useful after clicking buttons that trigger API calls — ensures data is loaded before reading the page. Monitors real network traffic via ...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.