chrome-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to arbitrary user-specified URLs and executes/reads page content (see SKILL.md "打开/访问网站" and examples, and references/browser-api.md which exposes get_page_content and evaluate_javascript), so untrusted public web pages can be ingested and influence subsequent clicks, form submissions, and other actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime configuration invokes npx to fetch and run the MCP package (e.g., npx -y @anthropic-ai/chrome-devtools-mcp), which will download and execute remote code as a required dependency—flagged resource: https://www.npmjs.com/package/@anthropic-ai/chrome-devtools-mcp