chrome-devtools-cli

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires installing a global npm package chrome-devtools-mcp. This is a standard installation method for CLI tools provided by the developer.
  • [COMMAND_EXECUTION]: The skill uses the chrome-devtools CLI to perform browser automation. It includes a powerful evaluate_script command that allows the execution of arbitrary JavaScript within the context of an open web page.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: The agent reads untrusted data from web pages via take_snapshot, list_console_messages, and list_network_requests (SKILL.md). 2. Boundary markers: No delimiters or instructions are provided to the agent to ignore malicious commands embedded in the scraped web content. 3. Capability inventory: The agent has high-privilege capabilities including click, fill, upload_file, install_extension, and evaluate_script (SKILL.md). 4. Sanitization: No evidence of data sanitization or validation of external content before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 02:34 PM
Security Audit — agent-trust-hub — chrome-devtools-cli