chrome-devtools

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that hard-code or pass passwords/credentials verbatim (e.g., page.type('#password', 'secret') and node fill.js --selector "#password" --value "secret"), and it instructs forming scripts/CLI commands that embed secret values, which forces the agent to handle and potentially output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly navigates to and ingests arbitrary public web pages and DOM/ARIA snapshots (see SKILL.md workflow and scripts like aria-snapshot.js, snapshot.js, evaluate.js, navigate.js and select-ref.js), and then interprets that untrusted page content to decide and perform actions (click/fill/evaluate), so third‑party content can materially influence tool behavior.