chrome-browser
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation guide recommends downloading and installing the
@anthropic-ai/chrome-devtools-mcppackage. This is a legitimate tool provided by a trusted organization for browser automation. - [REMOTE_CODE_EXECUTION]: The skill's core functionality relies on executing arbitrary JavaScript within the browser context via the
evaluate_javascripttool. This is the intended primary purpose of the skill for interacting with the DOM and extracting web data. - [PROMPT_INJECTION]: The skill processes untrusted content from external websites via tools like
get_page_contentandevaluate_javascript, creating a surface for indirect prompt injection where instructions hidden in web content could attempt to influence agent behavior. - Ingestion points:
get_page_contentandevaluate_javascriptinreferences/browser-api.md. - Boundary markers: The instructions do not specify the use of delimiters or boundary markers to isolate ingested web content.
- Capability inventory: The skill has the ability to navigate to arbitrary URLs, execute scripts, and capture screenshots.
- Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from websites before it is processed by the agent.
Audit Metadata