chrome-devtools

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The installation scripts (install-deps.sh and install.sh) use sudo to install system-level dependencies for Chrome/Chromium. This grants the skill administrative privileges during setup.
  • [REMOTE_CODE_EXECUTION]: The evaluate.js script allows for the execution of arbitrary JavaScript within the browser context via the eval() function. This enables dynamic execution of any script passed as a command-line argument.
  • [CREDENTIALS_UNSAFE]: The inject-auth.js script accepts sensitive authentication data, such as cookies and Bearer tokens, as command-line arguments. It persists this data in a local JSON file (.auth-session.json). Passing credentials as CLI arguments makes them visible to other users on the system via process lists, and the session file stores them in plain text locally.
  • [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface by ingesting untrusted data from web pages using snapshot.js and aria-snapshot.js. This data is then processed by the agent, which has powerful browser interaction capabilities.
    • Ingestion points: Web content retrieved via aria-snapshot.js and snapshot.js (located in scripts/).
    • Boundary markers: None identified.
    • Capability inventory: Full browser control via click.js, fill.js, and evaluate.js (located in scripts/).
    • Sanitization: selector.js contains a validateXPath function that blocks some dangerous patterns (e.g., javascript:, onerror=) to mitigate injection via element selectors.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 29, 2026, 09:18 AM