chrome-devtools-mcp

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from web pages that could contain malicious instructions.
  • Ingestion points: Untrusted data enters the agent's context through tools such as take_snapshot, list_console_messages, and list_network_requests as documented in SKILL.md and references/tool-inventory.md.
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when the agent handles output from these browser tools.
  • Capability inventory: The skill provides powerful browser-side capabilities, including evaluate_script for executing arbitrary JavaScript and install_extension for loading browser extensions, as seen in references/tool-inventory.md.
  • Sanitization: No sanitization or validation of the data retrieved from external web pages is implemented or required by the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 08:37 AM
Security Audit — agent-trust-hub — chrome-devtools-mcp