firefox-devtools-mcp-automation

Warn

Audited by Snyk on May 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md shows that the agent navigates to arbitrary URLs (navigate_page / start-url), captures network traffic and response bodies (list_network_requests / get_network_request), inspects page DOM/snapshots, and runs evaluate_script. It therefore fetches and reads untrusted public web content (webpages/APIs) that can directly influence follow-up actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). Flagged because the skill repeatedly invokes npx to fetch and execute the firefox-devtools-mcp package at runtime (npx firefox-devtools-mcp@latest). This pulls and runs remote code from npm/GitHub (https://www.npmjs.com/package/firefox-devtools-mcp and https://github.com/mozilla/firefox-devtools-mcp). The package is a required dependency for running the MCP server, so the remote code it executes directly controls the agent/browser actions.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 19, 2026, 12:57 AM
  • Issues: 2