chrome-devtools-axi-browser-automation
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the chrome-devtools-axi package directly from the npm registry using npx or npm install.
- [COMMAND_EXECUTION]: Provides an eval command that allows for the execution of arbitrary JavaScript code within the controlled browser instance to facilitate complex interactions and data scraping.
- [COMMAND_EXECUTION]: Includes a run command to execute multi-step automation scripts provided via standard input.
- [DATA_EXFILTRATION]: Features an upload command that enables the agent to read local files from the host system and upload them to a browser session.
- [DATA_EXFILTRATION]: Supports exporting browser-derived data, including screenshots, network logs, and performance traces, to the local filesystem.
- [PROMPT_INJECTION]: Processes untrusted external content from websites through accessibility snapshots and console logs, presenting an indirect prompt injection surface.
- [PROMPT_INJECTION]: Ingestion points: External web content is ingested through open, snapshot, and network-get commands.
- [PROMPT_INJECTION]: Boundary markers: No explicit instruction delimiters or markers are described for separating web content from agent instructions.
- [PROMPT_INJECTION]: Capability inventory: The skill possesses high-privilege capabilities including JavaScript execution (eval), file reading (upload), and filesystem writing.
- [PROMPT_INJECTION]: Sanitization: No specific filtering or sanitization of external data is specified in the documentation.
Audit Metadata