chrome-devtools-cli
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The file
references/installation.mdinstructs the user to globally install thechrome-devtools-mcppackage usingnpm i chrome-devtools-mcp@latest -g. This downloads and installs code from the public npm registry at runtime. - [COMMAND_EXECUTION]: The skill operates by executing the
chrome-devtoolsCLI tool to perform various browser automation tasks. This includes sensitive capabilities such asevaluate_script, which allows the agent to execute arbitrary JavaScript within the context of a web page. - [PROMPT_INJECTION]: The skill interacts with and processes data from external websites, creating a surface for Indirect Prompt Injection.
- Ingestion points: The agent ingests untrusted data from web pages via
take_snapshot(accessibility tree),list_console_messages, andlist_network_requestsas documented inSKILL.mdandreferences/cli-reference.md. - Boundary markers: There are no instructions or delimiters provided to help the agent distinguish between its core instructions and potentially malicious instructions embedded in the web content it processes.
- Capability inventory: The skill allows the agent to perform actions like clicking, filling forms, and executing JavaScript based on its interpretation of the ingested data.
- Sanitization: No sanitization, validation, or filtering mechanisms are described for the content retrieved from the browser before the agent processes it.
Audit Metadata