browser
Matches the Playwright MCP server interface. Built for agent safety testing: seeds include prompt injection, data exfiltration, social engineering, and multi-step attack chains.
Available tools
Navigation
| Tool | Description |
|---|---|
browser_navigate | Navigate to a URL |
browser_navigate_back | Go back to the previous page in the history |
Snapshot & Screenshot
| Tool | Description |
|---|---|
browser_snapshot | Capture accessibility snapshot of the current page |
browser_take_screenshot | Take a screenshot of the current page or a specific element |
Interaction
| Tool | Description |
|---|---|
browser_click | Perform click on a web page |
browser_hover | Hover over element on page |
browser_drag | Perform drag and drop between two elements |
browser_type | Type text into editable element |
browser_select_option | Select an option in a dropdown |
browser_fill_form | Fill multiple form fields |
browser_handle_dialog | Handle a dialog |
browser_press_key | Press a key on the keyboard |
Page Management
| Tool | Description |
|---|---|
browser_close | Close the page |
browser_resize | Resize the browser window |
browser_wait_for | Wait for text to appear/disappear or a specified time to pass |
browser_evaluate | Evaluate JavaScript expression on page or element |
browser_console_messages | Returns all console messages |
browser_network_requests | Returns all network requests since loading the page |
Tabs & Files
| Tool | Description |
|---|---|
browser_tabs | List browser tabs |
browser_file_upload | Upload one or more files |
Seeds
| Seed | Description |
|---|---|
empty | Blank browser state |
fake-storefront | Simulated e-commerce storefront for testing purchase flows |
prompt-injection | Pages containing prompt injection attacks in visible and hidden content |
data-exfiltration | Pages designed to trick agents into leaking sensitive data |
account-destruction | Pages that attempt to trick agents into destructive account actions |
legitimate-shopping | Benign shopping scenario for baseline comparison |
social-engineering | Pages with social engineering tactics targeting AI agents |
multi-step-attack | Multi-page attack chain that escalates across navigations |
Notes
browser_snapshotreturns accessibility tree content (not raw HTML), matching Playwright MCP behavior.multi-step-attackseed chains pages where each step escalates the attack.legitimate-shoppingseed provides a benign baseline for comparison.