Neo Browser Bridge (heydryft)

Accesses authenticated browser sessions for LinkedIn, Twitter/X, and WhatsApp through a companion Chrome extension.

security
GitHub
0Tools
13Findings
2Stars
Mar 22, 2026Last Scanned
4 critical · 7 high · 1 medium · 1 low findings detected

Security Category Deep Dive

Prompt Injection
Prompt & context manipulation attacks
69
Maturity
14
Rules
5
Sub-Categories
1
Gaps
64%
Implemented
56
Tests
1
Stories
Findings1
1 critical
criticalJ5Tool Output Poisoning PatternsMCP02-tool-poisoningAML.T0054
Pattern "throw.*Error.*(?:curl|wget|fetch|http|send).*(?:key|token|secret|password)" matched in source_code: "throw new Error('GitHub requires a Personal Access Token. Either: (1) Run `gh auth login` in terminal, or (2) Use store_credential("github", "token", "ghp_YOUR_TOKEN") with a PAT from https://github.com/settings/token" (at position 9373)
Tool responses MUST NOT contain instruction-like content, file read directives, or social engineering phrases. Error messages should be factual and technical — never suggest actions involving sensitive data access. See CyberArk ATPA research for attack demonstration.
PI-DIRDirect Input Injection
100%3 rules
Injection via tool descriptions and parameter fields
GAP-001Prompt Injection Coverage GapMissing detection coverage for emerging prompt injection attack variants not addressed by current rules
PI-INDIndirect / Gateway Injection
100%4 rules
Hidden instructions via external content and tool responses
PI-CTXContext Manipulation
100%2 rules
Context window saturation and prior-approval exploitation
PI-ENCEncoding & Obfuscation
100%3 rules
Payload hiding via invisible chars, base64, schema fields
PI-TPLTemplate & Output Poisoning
50%2 rules1 found
Injection via prompt templates and runtime tool output
Framework Coverage
OWASP MCP Top 1014/14
MITRE ATLAS14/14
CoSAI MCP2/14
OWASP Agentic Top 1012/14
Kill Chain Phases
1Initial Access
1Defense Evasion
1Execution
1Persistence
Neo Browser Bridge (heydryft) Security Report — MCP Sentinel