browser-testing-with-devtools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's DevTools workflow and tools (e.g., "DOM Inspection", "Console Logs", "Network Monitor" and the REPRODUCE/INSPECT steps in SKILL.md) explicitly read DOM content, console output and network responses from live web pages via Chrome DevTools MCP, which are untrusted/third‑party data the agent is expected to inspect and that can materially influence its diagnostic actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's setup runs "npx @anthropic/chrome-devtools-mcp@latest", which fetches and executes remote npm package code at runtime (a required external dependency that runs remote code), so it can directly control agent behavior.