chrome-devtools-mcp-automation

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs users to install and run the chrome-devtools-mcp package directly from the NPM registry using npx -y chrome-devtools-mcp@latest.
  • [COMMAND_EXECUTION]: The skill provides a tool called evaluate which allows the agent to execute arbitrary JavaScript code within the context of a browser page. This is a core feature for browser automation but grants the agent significant execution capabilities in the web environment.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection because the agent is designed to ingest and act upon data from arbitrary external websites.
    • Ingestion points: Data enters the agent context through page content, network logs, and console outputs captured via the evaluate, network-logs, and console-logs tools.
    • Boundary markers: The instructions do not define boundary markers or provide specific directives for the agent to ignore instructions found within the data retrieved from the browser.
    • Capability inventory: The agent has access to highly capable tools, including JavaScript execution (evaluate), form filling (type), and navigation control (click, navigate).
    • Sanitization: The skill does not describe any sanitization or validation mechanisms for the data retrieved from the browser before it is processed by the agent's logic.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 01:55 PM