chrome-devtools-cli

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The file references/installation.md instructs the user to globally install the chrome-devtools-mcp package using npm i chrome-devtools-mcp@latest -g. This downloads and installs code from the public npm registry at runtime.
  • [COMMAND_EXECUTION]: The skill operates by executing the chrome-devtools CLI tool to perform various browser automation tasks. This includes sensitive capabilities such as evaluate_script, which allows the agent to execute arbitrary JavaScript within the context of a web page.
  • [PROMPT_INJECTION]: The skill interacts with and processes data from external websites, creating a surface for Indirect Prompt Injection.
  • Ingestion points: The agent ingests untrusted data from web pages via take_snapshot (accessibility tree), list_console_messages, and list_network_requests as documented in SKILL.md and references/cli-reference.md.
  • Boundary markers: There are no instructions or delimiters provided to help the agent distinguish between its core instructions and potentially malicious instructions embedded in the web content it processes.
  • Capability inventory: The skill allows the agent to perform actions like clicking, filling forms, and executing JavaScript based on its interpretation of the ingested data.
  • Sanitization: No sanitization, validation, or filtering mechanisms are described for the content retrieved from the browser before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 04:19 PM
Security Audit — agent-trust-hub — chrome-devtools-cli