chrome-devtools-mcp
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from web pages that could contain malicious instructions.
- Ingestion points: Untrusted data enters the agent's context through tools such as
take_snapshot,list_console_messages, andlist_network_requestsas documented inSKILL.mdandreferences/tool-inventory.md. - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when the agent handles output from these browser tools.
- Capability inventory: The skill provides powerful browser-side capabilities, including
evaluate_scriptfor executing arbitrary JavaScript andinstall_extensionfor loading browser extensions, as seen inreferences/tool-inventory.md. - Sanitization: No sanitization or validation of the data retrieved from external web pages is implemented or required by the instructions.
Audit Metadata