The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the chrome-devtools binary to perform browser automation tasks and manage a background daemon process via a Unix socket at /tmp/chrome-devtools-daemon.sock.
[DATA_EXFILTRATION]: The skill accesses sensitive local Chrome user data directories to discover debugging ports, including paths like ~/Library/Application Support/Google/Chrome/ (macOS), ~/.config/google-chrome/ (Linux), and %LOCALAPPDATA%\Google\Chrome\User Data\ (Windows).
[DATA_EXFILTRATION]: The automation allows the agent to interact with the user's existing Chrome session, including access to logged-in accounts, cookies, and stored credentials, which could be exposed if the agent is misused or compromised.
[REMOTE_CODE_EXECUTION]: The skill provides an evaluate command that allows for the execution of arbitrary JavaScript within the context of the targeted web pages in the browser.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted data from external websites through commands like snapshot and evaluate, which could contain malicious instructions designed to manipulate the agent's behavior.
Ingestion points: Web page content retrieved via snapshot, evaluate "document.body.innerText", and CSS element selection.
Boundary markers: Absent; there are no instructions or delimiters provided to help the agent distinguish between its own goals and instructions embedded in the processed web content.
Capability inventory: High; the skill can click elements, fill form fields (including passwords), execute JavaScript, and navigate to arbitrary URLs.
Sanitization: Absent; content retrieved from web pages is passed to the agent without filtering or escaping.
[EXTERNAL_DOWNLOADS]: Recommends the installation of a third-party binary (chrome-devtools-cli) from the vendor's GitHub repository using package managers like Homebrew or Cargo.

chrome-devtools-cli