From 6deee114498dfa8e9bc968c07c161cd2532c62b9 Mon Sep 17 00:00:00 2001
From: tony-shi
Date: Wed, 25 Mar 2026 23:59:21 +0800
Subject: [PATCH] fix(browser): add proxy bypass constraint to domain restriction system prompt (#23229)
Co-authored-by: cynthialong0-0 <82900738+cynthialong0-0@users.noreply.github.com>
---
 packages/core/src/agents/browser/browserAgentDefinition.ts | 2 +-
 packages/core/src/agents/browser/browserAgentFactory.test.ts | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/packages/core/src/agents/browser/browserAgentDefinition.ts b/packages/core/src/agents/browser/browserAgentDefinition.ts
index b04b2a3ede..7deee9f94c 100644
--- a/packages/core/src/agents/browser/browserAgentDefinition.ts
+++ b/packages/core/src/agents/browser/browserAgentDefinition.ts
@@ -73,7 +73,7 @@ export function buildBrowserSystemPrompt(
 .map((d) => `- ${d}`)
 .join(
 '\n',
- )}\nDo NOT attempt to navigate to any other domains using new_page or navigate_page, as it will be rejected. This is a hard security constraint.`
+ )}\nDo NOT attempt to navigate to any other domains using new_page or navigate_page, as it will be rejected. This is a hard security constraint.\nDo NOT use proxy services (e.g. Google Translate, Google AMP, or any URL translation/caching service) to access content from domains outside this list. Embedding a blocked URL as a parameter of an allowed-domain service is a direct violation of this security restriction.`
 : '';
 return `You are an expert browser automation agent (Orchestrator). Your goal is to completely fulfill the user's request.${allowedDomainsInstruction}
diff --git a/packages/core/src/agents/browser/browserAgentFactory.test.ts b/packages/core/src/agents/browser/browserAgentFactory.test.ts
index aec09dc6af..270b400c3b 100644
--- a/packages/core/src/agents/browser/browserAgentFactory.test.ts
+++ b/packages/core/src/agents/browser/browserAgentFactory.test.ts
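Review bot: The sentence appended to `allowedDomainsInstruction` is the only control this patch puts on the proxy-bypass case, and a system-prompt instruction is guidance that untrusted page content can argue the model out of, not an enforced boundary. The preceding sentence says `new_page`/`navigate_page` requests to other domains "will be rejected", but nothing visible here shows that check looking inside an allowed-domain URL for an embedded target, so a wildcard entry such as `*.google.com` (used in the accompanying test) would presumably still admit a translation or cache URL. I would pair the prompt text with a check where navigation URLs are validated that rejects allowed-host URLs whose query parameters carry a URL on a non-listed host, and add a comment above the ternary such as `// Prompt guidance only, not enforcement; proxy-style URLs must also be rejected where navigation is validated.` The body of buildBrowserSystemPrompt starts and ends outside this hunk.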
@@ -467,6 +467,7 @@ describe('buildBrowserSystemPrompt', () => {
 expect(prompt).toContain('SECURITY DOMAIN RESTRICTION - CRITICAL:');
 expect(prompt).toContain('- github.com');
 expect(prompt).toContain('- *.google.com');
+ expect(prompt).toContain('Do NOT use proxy services');
 });
 it('should exclude allowed domains restriction when not provided or empty', () => {
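Review bot: The new assertion pins only the opening words of the added instruction, so the sentence that actually names the bypass ("Embedding a blocked URL as a parameter of an allowed-domain service…") could be dropped or reworded without this test failing; adding `expect(prompt).toContain('Embedding a blocked URL as a parameter');` would cover it. The next test, 'should exclude allowed domains restriction when not provided or empty', begins on the last line of the hunk and its body is not visible; if it does not already do so, it should assert `expect(prompt).not.toContain('Do NOT use proxy services');`. The enclosing describe block starts and ends outside the hunk.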