chrome-devtools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly requires the agent to navigate to pages (navigate_page/new_page), wait for page text, take_snapshot, and evaluate_script using a real Chrome DevTools browser, which means it will load and read arbitrary public web pages/third‑party content (open URLs) that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's MCP config runs an external package at runtime via "npx -y chrome-devtools-mcp@latest", which fetches and executes remote npm code that the skill depends on, so it is a runtime-executed external dependency.