Todd Schiller - dark patternshttps://toddschiller.com/2026-06-03T00:00:00-04:00Human ✘ Artificial Intelligenceagent-browser-shield June 3 update: 14 new rules and the Chrome Web Store listing2026-06-03T00:00:00-04:002026-06-03T00:00:00-04:00Todd Schillertag:toddschiller.com,2026-06-03:/blog/agent-browser-shield-june-03-update.html14 new rules shipped in agent-browser-shield, now installable from the Chrome Web Store, and using it for daily driving.<p>Two days after the alpha announcement, agent-browser-shield has a Chrome Web
Store listing and 14 new protection rules.</p>
<h2>Install from the Chrome Web Store</h2>
<p>The extension is live at
<a href="https://chromewebstore.google.com/detail/agent-browser-shield/gnejacdioaelglahihpagpfjpddpnamd">chromewebstore.google.com/detail/agent-browser-shield</a>.
One click instead of unpacked-from-source. The prebuilt ZIP and source-build
paths stay for Browserbase and other runtimes that need an unpacked
extension.</p>
<h2>New rules: handling prompt injection and context pollution in invisible surfaces</h2>
<p>A browser-use agent reads surfaces a sighted user never looks at. The new
rules close them:</p>
<ul>
<li><code><noscript></code> blocks (never rendered with JS on, but agents walk them)</li>
<li>Poisoned <code><meta></code> description and <code><title></code> (the compact "what is this
page" answer many agents pull first)</li>
<li>JSON-LD <code><script></code> blocks (cited as the "trusted summary" of a page)</li>
<li><code>aria-label</code>, <code>alt</code>, <code>title</code>, <code>placeholder</code>, and SVG <code><title></code> / <code><desc></code>
/ <code><text></code> (a11y-tree carriers)</li>
<li>Unicode tag characters, bidi overrides, and zero-width payloads</li>
<li>Long base64 / hex / percent-encoded blobs (the "decode this and follow
it" pattern)</li>
</ul>
<h2>New rules: trust laundering</h2>
<p><code>link-spoof-annotate</code> flags Cyrillic homoglyphs and anchors whose visible
text doesn't match the href apex. <code>disguised-ad-flag</code> collapses native
advertorials (Sponsored / Paid Post) that share DOM shape with editorial.
<code>trust-badge-annotate</code> and <code>schema-trust-sanitize</code> ship off by default
while we assess their false-positive rates.</p>
<h2>The daily-driver surprise</h2>
<p>I've started running it on my own daily-driver browser, not just agent runs.
There have been some funny quirks (e.g., flagging GitHub issue links with ".md"
in the link text as suspicious and hiding the GitHub issue template modal).
However, overall it's been a positive on my browsing experience. So, we'll be
experimenting with making more annotations visible to humans and
multi-modal LLMs.</p>
<p>⭐ <a href="https://github.com/pixiebrix/agent-browser-shield">https://github.com/pixiebrix/agent-browser-shield</a></p>