chrome-devtools-cli
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing a global npm package
chrome-devtools-mcp. This is a standard installation method for CLI tools provided by the developer. - [COMMAND_EXECUTION]: The skill uses the
chrome-devtoolsCLI to perform browser automation. It includes a powerfulevaluate_scriptcommand that allows the execution of arbitrary JavaScript within the context of an open web page. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: The agent reads untrusted data from web pages via
take_snapshot,list_console_messages, andlist_network_requests(SKILL.md). 2. Boundary markers: No delimiters or instructions are provided to the agent to ignore malicious commands embedded in the scraped web content. 3. Capability inventory: The agent has high-privilege capabilities includingclick,fill,upload_file,install_extension, andevaluate_script(SKILL.md). 4. Sanitization: No evidence of data sanitization or validation of external content before processing.
Audit Metadata