chrome-devtools-mcp-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that pass credentials verbatim in tool calls (e.g., typing "secure_password" into a password field), which requires the LLM to include secret values directly in generated MCP messages and therefore poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md clearly instructs the agent to navigate to arbitrary external URLs and evaluate/extract page content (see "Core Capabilities: Navigate to a URL" and "Pattern 4: Data Extraction (Web Scraping)"), meaning it ingests untrusted public web content that can influence subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's recommended runtime command "npx chrome-devtools-mcp@latest" fetches and executes remote code from the npm registry (e.g., https://www.npmjs.com/package/chrome-devtools-mcp), which is a required runtime dependency that can run arbitrary code.