chrome-devtools-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes examples that pass plaintext credentials directly in CLI commands (e.g., fill "#password" "secret123") and an agent workflow that may embed user credentials into generated commands, which would require the LLM to output secrets verbatim (even though env-var usage is shown as a safer alternative).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md shows the agent navigating arbitrary public URLs (e.g., chrome-devtools navigate https://news.ycombinator.com or other example.com/github URLs) and using snapshot/evaluate/document.body.innerText to read page content and drive follow-up actions, which clearly ingests untrusted, user-generated third-party content that can influence subsequent tool use.