Merged
Conversation
Kylejeong2
approved these changes
Mar 12, 2026
Member
Kylejeong2
left a comment
Kylejeong2
left a comment
There was a problem hiding this comment.
Left a comment about adding stuff to the browse CLI description, otherwise looks good
| --- | ||
| name: fetch | ||
| description: "Fetch web pages and return their content, headers, and metadata using the Browserbase Fetch API. Use when the user wants to retrieve page content without a full browser session — ideal for scraping static pages, checking HTTP responses, or getting page source. Supports proxies, redirect control, and insecure SSL bypass." | ||
| description: "Use this skill when the user wants to retrieve a URL without a full browser session: fetch HTML or JSON from static pages, inspect status codes or headers, follow redirects, or get page source for simple scraping. Prefer it over a browser when JavaScript rendering and page interaction are not needed. Supports proxies and redirect control." |
Member
There was a problem hiding this comment.
should we add a line to use a browser instead of fetch when JS rendering is required / use it as a fallback in the description of the browse CLI
shrey150
added a commit
that referenced
this pull request
Mar 24, 2026
* Tighten fetch skill safety docs * Remove fetch redirect example * Move fetch TLS bypass docs to reference
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
response.contentallowInsecureSslguidanceTesting
Note
Low Risk
Docs-only changes that clarify safe handling of fetched content and restrict guidance around insecure TLS; no runtime or API behavior changes.
Overview
Adds explicit safety guidance across the Fetch skill docs to treat returned
content/response.contentas untrusted and not follow embedded instructions.Removes/rewrites examples that encouraged riskier usage (redirect-following and internal/self-signed TLS scenarios), and tightens
allowInsecureSsldocumentation to limit it to trusted test/staging or public test hosts (and explicitly warn against private-network/metadata endpoints). Also refreshes the Fetch skill description and best-practices list to emphasize safer usage.Written by Cursor Bugbot for commit 9ced10e. This will update automatically on new commits. Configure here.